[Federal Register Volume 77, Number 111 (Friday, June 8, 2012)]
[Rules and Regulations]
[Pages 33950-33964]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2012-13997]


=======================================================================
-----------------------------------------------------------------------

FEDERAL HOUSING FINANCE AGENCY

12 CFR Part 1236

RIN 2590-AA13


Prudential Management and Operations Standards

AGENCY: Federal Housing Finance Agency.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: Section 1108 of the Housing and Economic Recovery Act of 2008 
(HERA) amended the Federal Housing Enterprises Financial Safety and 
Soundness Act of 1992 (Safety and Soundness Act) to require the Federal 
Housing Finance Agency (FHFA) to establish prudential standards 
(Standards) relating to the management and operations of the Federal 
National Mortgage Association (Fannie Mae), Federal Home Loan Mortgage 
Corporation (Freddie Mac), and Federal Home Loan Banks (Banks) 
(collectively, regulated entities). This final rule implements those 
HERA amendments by providing for the establishment of the Standards in 
the form of guidelines, which initially are set out in an appendix to 
the rule. The final rule includes other provisions relating to the 
possible consequences for a regulated entity that fails to operate in 
accordance with the Standards.

DATES: This final rule is effective on August 7, 2012. For additional

[[Page 33951]]

information, see SUPPLEMENTARY INFORMATION.

FOR FURTHER INFORMATION CONTACT: Anthony Cornyn, Senior Associate 
Director, Office of Offsite Monitoring and Analysis, 
[email protected], (202) 649-3303; Karen Walter, Senior Associate 
Director, Office of Examination Policy and Programs, 
[email protected], (202) 649-3405; Neil R. Crowley, Deputy General 
Counsel, Office of the General Counsel, [email protected], (202) 
649-3055; or Michou Nguyen, Assistant General Counsel, Office of the 
General Counsel, [email protected], (202) 649-3081; Federal 
Housing Finance Agency, 400 7th Street SW., Washington, DC 20024, (not 
toll free numbers). The telephone number for the Telecommunications 
Device for the Deaf is (800) 877-8339.

SUPPLEMENTARY INFORMATION: 

I. Background

A. HERA Requirements

    Effective July 30, 2008, HERA, Public Law 110-289, 122 Stat. 2654 
(2008), created FHFA as an independent agency of the Federal Government 
and transferred to it the supervisory and oversight responsibilities 
over the regulated entities formerly vested with the Office of Federal 
Housing Enterprise Oversight (OFHEO) and the Federal Housing Finance 
Board (Finance Board). Section 1108 of HERA also added a new section 
1313B to the Safety and Soundness Act, which requires the FHFA Director 
to establish standards that address 10 separate areas relating to the 
management and operation of the regulated entities, and authorizes the 
Director to establish the standards by regulation or by guideline. 12 
U.S.C. 4513b. Those 10 areas relate to: Adequacy of internal controls 
and information systems; adequacy and independence of the internal 
audit systems; management of interest rate risk; management of market 
risk; adequacy of liquidity and reserves; management of growth in 
assets and in the investment portfolio; management of investments and 
acquisition of assets to ensure that they are consistent with the 
purposes of the Safety and Soundness Act and the regulated entities' 
authorizing statutes; \1\ adequacy of overall risk management 
processes; adequacy of credit and counterparty risk management 
practices; and maintenance of records that allow an accurate assessment 
of the institution's financial condition. 12 U.S.C. 4513b(a)(1)-(10). 
Section 1313B(a) also specifically authorizes the Director to establish 
other appropriate management and operations standards. 12 U.S.C. 
4513b(a)(11).
---------------------------------------------------------------------------

    \1\ The authorizing statute for Fannie Mae is the Federal 
National Mortgage Association Charter Act (12 U.S.C. 1716-1723i), 
for Freddie Mac, the Federal Home Loan Mortgage Corporation Act (12 
U.S.C. 1451-1459), and for the Banks, the Federal Home Loan Bank Act 
(12 U.S.C. 1421-1449) (Bank Act). 12 U.S.C. 4502(3).
---------------------------------------------------------------------------

    Section 1313B(b)(1) addresses the possible consequences for a 
regulated entity that fails to meet any of the Standards, and provides 
that the Director ``shall require'' the regulated entity to submit a 
corrective plan if the Standards have been adopted by regulation and 
``may require'' the regulated entity to submit a corrective plan if the 
Standards have been adopted as guidelines. 12 U.S.C. 4513b(b)(1)(A). If 
a regulated entity is required to submit a corrective plan to FHFA, it 
must do so within thirty (30) days after the Director determines that 
it has failed to meet any Standard. That plan must specify the actions 
that the regulated entity will take to conform its practices to the 
requirements of the Standards. 12 U.S.C. 4513b(b)(1). FHFA generally 
must act on such plans within thirty (30) days after receipt. 12 U.S.C. 
4513b(b)(1)(C)(ii).
    Section 1313B(b)(2) also addresses the possible consequences for a 
regulated entity that fails to submit an acceptable plan within the 
required time period or that fails in any material respect to implement 
a corrective plan that the Director has approved. In those cases, the 
Director must order the regulated entity to correct the deficiency. 12 
U.S.C. 4513b(b)(2)(A). The Director also has the discretionary 
authority to order further sanctions, including limits on asset growth, 
increases in capital, or any other action the Director believes will 
better carry out the purposes of the statute, until the regulated 
entity meets the Standard. 12 U.S.C. 4513b(b)(2)(B). Although the 
imposition of those additional sanctions generally is a matter of 
discretion for the Director, if a regulated entity that has failed to 
submit or implement a corrective plan also has experienced 
``extraordinary growth'' within the preceding 18 months, the Director 
is then required to impose at least one of those additional sanctions. 
The remedial powers that the Director may invoke under the prudential 
standards provisions are not exclusive, and section 1313B(c) expressly 
preserves the Director's right to exercise any other supervisory or 
enforcement authority available under the Safety and Soundness Act. 12 
U.S.C. 4513b(c).

B. The Proposed Rule

    On June 20, 2011, FHFA proposed a rule to establish the Standards 
as guidelines, which were set out in an appendix to the proposed 
rule.\2\ The proposal included other provisions relating to procedures 
for FHFA to notify a regulated entity of its failure to meet the 
Standards and the possible consequences for doing so. The proposed rule 
did not subject the Banks' Office of Finance (OF) to the prudential 
standards regime because several of the Standards address matters that 
are not relevant to the OF, such as those relating to interest rate, 
market and credit risks, and investment portfolio growth, and because 
the relevant HERA provisions did not require the inclusion of the OF. 
The same is true with respect to the statutory sanctions for 
noncompliance with the Standards, which include limits on asset growth 
and mandatory increases in capital.
---------------------------------------------------------------------------

    \2\ 76 FR 35791 (June 20, 2011).
---------------------------------------------------------------------------

C. Considerations of Differences Between the Banks and the Enterprises

    Section 1313(f) of the Safety and Soundness Act, as amended by 
HERA, requires the Director, when promulgating regulations relating to 
the Banks, to consider differences between the Banks and the 
Enterprises (Fannie Mae and Freddie Mac) with respect to the Banks' 
cooperative ownership structure; mission of providing liquidity to 
members; affordable housing and community development mission; capital 
structure; and joint and several liability. In preparing this final 
rule, the Director considered the differences between the Banks and the 
Enterprises as they relate to the above factors, and determined that 
the rule is appropriate.
    In developing the proposed rule, FHFA differentiated between the 
Banks and the Enterprises in defining ``extraordinary growth'' by 
excluding Bank advances from the calculation of extraordinary growth. 
The proposed standards also included provisions relating to market 
value of equity and par value of capital stock, which applied only to 
the Banks. Those provisions recognized the Banks' mission of providing 
liquidity to members through advances, as well as their unique capital 
structure. As discussed below in Section II.B.2. of this final rule, 
FHFA has further refined the definition of extraordinary growth in 
response to the Banks' comments by using a longer-term six calendar 
quarter period as the basis for measuring such growth. The revised 
definition should make it less likely that the short-term

[[Page 33952]]

fluctuations in non-advance assets that occur between the time that a 
member repays an advance and the time that a Bank redeems or 
repurchases the underlying capital stock will be deemed to constitute 
extraordinary growth.
    FHFA considered the Banks' request for different treatment in other 
areas as well. The Banks, in their joint comment letter (Joint Bank 
Letter), cited the importance of advances to the Banks' mission and the 
history of no credit-default on advances in support of their request to 
be exempted from Sec.  1236.5(a)(1) of the proposed rule, which allows 
FHFA, among other things, to prohibit a regulated entity from 
increasing its average total assets if it fails to submit a corrective 
plan or fails to comply with an approved corrective plan. The Banks 
raised that same argument with respect to certain requirements under 
Standard 9 relating to credit concentration.\3\ With respect to Sec.  
1236.5(a)(1) of the proposed rule, that provision included a cross-
reference to a statutory definition of ``total assets,'' located at 12 
U.S.C. 4516(b)(4), because the Safety and Soundness Act explicitly 
mandates that FHFA use that definition in determining a regulated 
entity's ``total assets'' for purposes of imposing any growth 
limitations under the remedial provisions of Sec.  1236.5(a). The Banks 
contended that the statutory definition of total assets in 12 U.S.C. 
4516(b)(4) should not apply to them because that provision on its face 
applies only to the Enterprises. Although that is technically true, the 
HERA provision mandating the establishment of the prudential standards, 
12 U.S.C. 4513b(b)(2)(B)(i), explicitly incorporates that definition 
into the prudential standards regime, which effectively extends that 
definition to the Banks for purposes of this final rule. Moreover, that 
definition, which includes only a regulated entity's on-balance sheet 
assets, any mortgage-backed securities that it has issued or 
guaranteed, and any off-balance sheet obligations permitted by FHFA, 
can readily be applied to the Banks. Accordingly, FHFA has determined 
not to treat the Banks any differently from the Enterprises for 
purposes of the definition of ``total assets,'' as used in Sec.  
1236.5(a)(1). With respect to the comments about credit concentration, 
FHFA has determined that Sec.  1236.5(a)(1) could serve as an effective 
and necessary remedy in appropriate circumstances without jeopardizing 
the Banks' mission. Furthermore, the absence of any history of defaults 
on advances does not guarantee that future defaults would not occur. 
Therefore, FHFA did not adopt these suggestions in the final rule.
---------------------------------------------------------------------------

    \3\ See Joint Bank Letter at 7 and 10-11.
---------------------------------------------------------------------------

II. Final Rule

A. Overview

    In this final rule, FHFA establishes the Standards, which are 
attached in an Appendix, as guidelines, as is authorized by 12 U.S.C. 
4513b(a). By adopting the Standards as guidelines, rather than as 
regulations, the Director may modify, revoke, or add to any one or more 
of them at any time by order and without undertaking a notice and 
comment rulemaking. The final rule also establishes certain procedures 
related to the Standards, and sets out the processes by which FHFA can 
notify a regulated entity of its failure to operate in accordance with 
the Standards and can direct the entity to take corrective action. The 
final rule also specifies the possible consequences for any regulated 
entity that fails to operate in accordance with the Standards or 
otherwise fails to comply with this part.
    In adopting the final rule, FHFA considered the four comment 
letters received in response to the proposed rule. The twelve Banks 
jointly submitted one comment letter, and individual letters were 
received from Fannie Mae (Fannie Letter), Freddie Mac (Freddie Letter), 
and the Mortgage Insurance Companies of America (MICA Letter). FHFA 
adopted some of the commenters' recommendations, in some instances 
making changes to the language of several rule provisions and 
Standards, and in other instances providing clarification in the 
Supplementary Information.
    In response to certain comments regarding the inclusion within many 
of the proposed Standards of references to the responsibilities of the 
boards and management, FHFA has made two principal revisions to the 
Standards. First, FHFA has created an introductory section to the 
Standards, entitled ``General Responsibilities of the Board of 
Directors and Senior Management.'' Second, FHFA has revised the 
Standards to remove many of the references to specific obligations of 
the board and management from the individual standards.
    The introductory section does not constitute a separate Standard, 
and thus does not impose any additional requirement on the regulated 
entities. Instead, this section is intended to recite, in the context 
of the regulated entities and the Standards generally, common concepts 
of corporate governance that would be typical for the board and 
management of any financial institution. The introductory section also 
contains a reminder that the specified responsibilities found in the 
Standards are not a comprehensive listing of the responsibilities of 
either the boards of directors or senior management, each of whom have 
additional duties and responsibilities to those described in the 
Standards. The streamlining of certain principles under the other 
Standards is designed to simplify them and eliminate repetition. The 
final rule also makes several clarifying non-substantive changes to the 
wording of certain principles of the Standards and to the text of 
Sec. Sec.  1236.1, 1236.3(b), 1236.4(b), and 1236.5(b) and (c). With 
those exceptions, the overall approach to establishing the Standards 
used in the proposed rule remains the same in the final rule.
    The following discussion of the comments is divided into two 
sections. The first section discusses three comments that are general 
in nature. These comments relate to the definition of extraordinary 
growth, corporate governance and the role of boards of directors of 
regulated entities, and potential conflicts between the Standards and 
existing FHFA regulations, including those of the Finance Board and 
OFHEO that remain in effect. The second category consists of comments 
that relate to specific provisions of the proposed rule or Standards. 
For ease of reference, in discussing the comments on the specific 
principles that make up each Standard, FHFA refers to each principle 
using the number given to the principle in the proposed rule. Other 
than the modifications discussed in this section, FHFA is adopting the 
rule and Standards as proposed.

B. General Comments

1. Responsibility of Boards of Directors of Regulated Entities
    The Banks and the Enterprises both believe that the language of 
several Standards can be read as placing on boards of directors of 
regulated entities responsibilities that are above and beyond the 
fiduciary duties typically imposed by existing corporate law. They also 
believe that the proposed rule may be interpreted in a manner that 
distorts the conventional distinction between the respective roles of 
boards of directors and senior management.\4\
---------------------------------------------------------------------------

    \4\ See Joint Bank Letter at 2, Fannie Letter at 1-2, and 
Freddie Letter at 1-2.
---------------------------------------------------------------------------

    In response to these comments, FHFA has modified the Standards in a 
manner that clarifies the duties of the boards of directors but still 
preserves the intent of the Standards. As previously noted,

[[Page 33953]]

FHFA has also streamlined and combined many of the principles relating 
to responsibilities of boards of directors and imported certain 
universally applicable concepts from the individual Standards into the 
new introductory section of the Standards. FHFA notes that boards of 
directors of regulated entities are ultimately responsible for 
overseeing the operations of a regulated entity and are expected to 
understand and remain informed about the nature of the risks faced by a 
regulated entity, and to have in place appropriate policies and 
controls to manage those risks. FHFA did not intend to suggest in the 
proposed rule that the boards of directors must effectively assume the 
duties of senior management, such as by becoming involved in the day-
to-day operations of the entity, in order to carry out their oversight 
responsibilities.
2. Definition of Extraordinary Growth
a. Threshold for Extraordinary Growth
    The proposed rule included separate definitions of ``extraordinary 
growth'' for the Banks and for the Enterprises.\5\ For the Enterprises, 
``extraordinary growth'' was defined to mean, for a given calendar 
quarter, quarterly non-annualized growth of assets in excess of 7.5 
percent, with such growth occurring within the 18-month period 
preceding the date on which FHFA notified the Enterprise that it must 
submit a corrective plan to address a failure to operate in accordance 
with the Standards. For the Banks, the definition was the same except 
that it was based on the growth of ``non-advance assets'' rather than 
total assets. The Banks suggested expanding the definition of 
``extraordinary growth'' in Sec.  1236.2 of the proposed rule to 
include a 20 percent annualized combined six calendar quarter growth 
threshold in addition to the quarterly 7.5 percent threshold proposed 
by FHFA.\6\
---------------------------------------------------------------------------

    \5\ The concept of ``extraordinary growth'' becomes relevant 
only if a regulated entity has either failed to submit an acceptable 
corrective plan or has failed to implement an approved plan. The 
presence of ``extraordinary growth'' by itself does not trigger any 
of the supervisory sanctions under the prudential standards statute 
or this rule, although FHFA may invoke its other supervisory 
authorities if necessary to address asset growth that it believes 
poses safety and soundness concerns.
    \6\ See Joint Bank Letter at 3-5.
---------------------------------------------------------------------------

    The Banks argued that, due to the mechanics and time lags in the 
repayment of advances and redemption of capital stock, short-term 
quarterly fluctuations in non-advance assets are common and can distort 
the results of the 7.5 percent test. In support of their contention, 
the Banks stated that as of the date of their letter, 9 of the 12 Banks 
would have been considered to be experiencing extraordinary growth, as 
defined by the proposed rule. The Banks believed that implementing an 
additional threshold of 20 percent annualized growth over the entire 
six calendar quarter look-back period would resolve their issue.\7\ 
After careful consideration of the Banks' comment and conducting its 
own analysis, FHFA is persuaded that the proposed definition of 
extraordinary growth for the Banks could have resulted in Banks being 
deemed to have experienced extraordinary growth based on short-term 
fluctuations in their non-advance assets that should not necessarily be 
deemed to have been extraordinary, given the cooperative business model 
of the Banks. Accordingly, in the final rule FHFA is eliminating the 
7.5 percent threshold for the Banks and replacing it with a threshold 
of 30 percent non-annualized growth in non-advance assets over the 
entire six calendar quarter look-back period.\8\
---------------------------------------------------------------------------

    \7\ See Join Bank Letter at 3-5.
    \8\ For efficiency and clarity, FHFA is adopting a 30% non-
annualized growth threshold instead of the Banks' suggested 
threshold of 20% annualized growth, which would equal 31.45% growth 
over the six quarter time period.
---------------------------------------------------------------------------

b. Calculation of Extraordinary Growth
    The look-back trigger date for the determination of extraordinary 
growth is the date on which FHFA notifies a regulated entity that it 
has failed to operate in accordance with the Standards and must submit 
a corrective plan. In order to accommodate situations where the trigger 
date occurs in the middle of a calendar quarter, FHFA is interpreting 
the look-back period to be the six full calendar quarters \9\ 
immediately prior to the trigger date. For example, if FHFA notifies an 
Enterprise on September 15, 2012 that it must submit a corrective plan, 
the relevant six calendar quarters over which the extraordinary growth 
calculation would be made would be the first two quarters of 2012 and 
all four quarters in 2011. If the Enterprise had asset growth of more 
than 7.5 percent in any of those quarters, it would be deemed to have 
experienced extraordinary growth. For a Bank, utilizing the same dates, 
if its non-advance assets grew more than 30 percent from January 1, 
2011 (the beginning of the first quarter of 2011) to June 30, 2012 (the 
end of the second quarter of 2012), it would be deemed to have 
experienced extraordinary growth.
---------------------------------------------------------------------------

    \9\ Calendar quarters means January 1st to March 31st, April 1st 
to June 30th, July 1st to September 30th, and October 1st to 
December 31st.
---------------------------------------------------------------------------

c. Other Comments on Extraordinary Growth
    FHFA received the following additional comments with respect to the 
definition of extraordinary growth. The Banks' letter asked that FHFA 
apply the extraordinary growth test prospectively, such that only asset 
growth occurring after the effective date of the final rule would be 
considered.\10\ The Freddie Letter asked that FHFA follow the approach 
of the federal banking agencies, in which the definition would only 
apply to regulated entities that are not in the highest capital 
classification. The Freddie Letter also asked that, for the 
Enterprises, assets be measured using the criteria specified in 
determining compliance with the portfolio limit covenant of the Senior 
Stock Purchase agreement with the Department of the Treasury.\11\ Both 
Freddie and the Banks also advocated for the creation of a process by 
which a regulated entity could challenge FHFA's finding of 
extraordinary growth. The Banks also argued that FHFA should be 
required to submit its numerical analysis to the regulated entity to 
support its finding of extraordinary growth.\12\
---------------------------------------------------------------------------

    \10\ See Joint Bank Letter at 5.
    \11\ See Freddie Letter at 4.
    \12\ See Freddie Letter at 4 and Joint Bank letter at 5.
---------------------------------------------------------------------------

    Applying the extraordinary growth test using only asset growth that 
would occur after the effective date of the final rule would unduly 
delay the operation of that portion of the rule for at least 18 months, 
which FHFA does not believe is necessary given the revisions that it 
has made to the definition of extraordinary growth with respect to the 
Banks. FHFA also believes that modifying the definition of 
extraordinary growth with respect to the Enterprises to incorporate the 
portfolio limit covenant of the Senior Stock Purchase agreement is not 
appropriate. Under that covenant, the Enterprises are required to 
reduce their ``mortgage-related investments portfolios'' by 10 percent 
per year until reaching a specified limit, and FHFA does not believe 
that such a provision is appropriate for measuring growth of the 
Enterprises. With respect to limiting the application of extraordinary 
growth to those entities that are not in the highest capital 
classification, FHFA is not persuaded that the standards used for 
depository institutions are necessarily well-suited to the regulated 
entities, and the Safety and Soundness Act does not

[[Page 33954]]

mandate that the definition be limited in that manner. Moreover, the 
Standards address matters other than capital adequacy, and it is 
possible that an adequately-capitalized entity may fail to operate in 
accordance with the Standards. Lastly, FHFA does not believe that it is 
appropriate to include a method to contest a determination of 
extraordinary growth or to require FHFA to submit numerical analysis to 
justify a finding of extraordinary growth, as both steps would unduly 
delay the administration of the rule and remedies for failures to meet 
the Standards. Also, given that FHFA has revised the definition of 
extraordinary growth for the Banks, they should be able to assess 
FHFA's determination based on the data in their own call reports.
3. Potential Conflicts With FHFA Regulations
    The Banks believed that certain Standards conflict or overlap with 
other existing regulations, particularly the remaining regulations of 
the Finance Board.\13\ As noted when this rule was proposed, FHFA 
intends to review all of its regulations, as well as those of the 
Finance Board and OFHEO as it incorporates them into the FHFA 
regulations, to ensure conformity and eliminate conflicts and overlap. 
To address any potential issues that may arise until such review is 
completed, FHFA is amending Sec.  1236.3 of the proposed rule to 
provide that in cases of a direct conflict between a Standard and an 
FHFA regulation (including Finance Board and OFHEO regulations that 
remain in effect pursuant to sections 1302 and 1312 of HERA), the 
regulation would control. Additionally, in such cases, a regulated 
entity would not be held accountable for failing to meet the Standard 
and the remedial provisions in Sec. Sec.  1236.4 and 1236.5 relating to 
the failure to meet a Standard and the submission and implementation of 
a corrective plan would not apply. FHFA notes that in cases where it is 
possible for a regulated entity to comply with both a Standard and a 
regulation, such as when there is substantial overlap or when a 
Standard is more stringent than a regulation, FHFA does not consider 
this to be a direct conflict and expects regulated entities to comply 
with both the Standard and the regulation.
---------------------------------------------------------------------------

    \13\ See Joint Bank Letter at 1-2.
---------------------------------------------------------------------------

C. Specific Comments

1. Section 1236.3 (Prudential Standards as Guidelines)
    The Banks have requested that FHFA provide the opportunity for 
notice and comment on any future changes to the Standards and afford 
regulated entities at least a 90-day grace period to conform with such 
changes.\14\ The proposed rule would have allowed FHFA to update the 
Standards by order, as necessary to incorporate changes in best 
practices and to address particular supervisory concerns. That approach 
is clearly contemplated by the HERA amendments, which authorize the 
Director to adopt the Standards as regulations, which require formal 
notice and comment, or as guidelines, which do not. Although the final 
rule does not require the Director to go through a rulemaking process 
to amend the Standards, it does allow the Director the flexibility to 
seek public comment on particular changes to the guidelines, as the 
Director deems to be appropriate. FHFA believes that the decision to 
exercise the flexibility to seek public comment and to provide a grace 
period for regulated entities to align their practices with new or 
revised guidelines is best addressed on a case-by-case basis when 
future changes are proposed.
---------------------------------------------------------------------------

    \14\ See Joint Bank Letter at 2.
---------------------------------------------------------------------------

2. Section 1236.4 (Failure To Meet a Standard, Corrective Plans)
    The Banks have requested that in making any finding of a failure to 
meet a Standard pursuant to Sec.  1236.4(a), FHFA identify the relevant 
Standard and the basis for the determination. The Banks' letter also 
requests that FHFA create a process for a regulated entity to contest a 
finding of failure to meet a Standard, and a safe-harbor provision for 
a good faith effort to meet a Standard.\15\ FHFA has added language to 
Sec.  1236.4(b) of the final rule that would provide that the written 
notice that FHFA must provide to any regulated entity that is required 
to submit a corrective plan must inform the regulated entity of FHFA's 
determination. By adding that language, FHFA intends that any such 
notice would clearly identify the Standard and the substance of the 
regulated entity's failure to meet it. However, FHFA does not believe 
that the creation of a process to contest a finding of failure to meet 
a Standard is appropriate because it would unduly delay the remediation 
of the underlying problem and hinder FHFA's ability to carry out its 
oversight responsibilities. Furthermore, such a process is not required 
by statute. Unlike a violation of a statute or a regulation that has 
been adopted with force and effect of law, a regulated entity's failure 
to meet a Standard that has been adopted as a guideline would likely 
not trigger FHFA's administrative enforcement authority. Instead, a 
failure to meet a Standard would, in the absence of any other violation 
or unsafe or unsound conduct, trigger only those remedies provided by 
HERA with respect to the prudential standards regime.
---------------------------------------------------------------------------

    \15\ See Joint Bank Letter at 6.
---------------------------------------------------------------------------

    Section 1236.4(c) addresses the contents and filing requirements 
relating to a corrective plan. One provision of the proposed rule 
implemented a statutory provision, which provides that a regulated 
entity that is undercapitalized and is required to submit a capital 
restoration plan may submit the corrective plan required under these 
regulations as part of the capital restoration plan. 12 U.S.C. 
4513b(b)(1)(B). Section 1236.4(c)(2)(ii) of the proposed rule carried 
over the substance of the statutory provision, providing that a 
regulated entity that is required to file a capital restoration plan 
may, with the permission of FHFA, submit a corrective plan as part of 
the capital restoration plan. The proposed rule also expanded on the 
statutory authorization by allowing a regulated entity to submit its 
corrective plan as part of its response to any cease-and-desist order, 
agreement with FHFA, or a report of examination or inspection. The 
Banks have requested that FHFA remove the requirement for obtaining 
FHFA permission in order for a regulated entity to file its corrective 
plan as part of some other submission.\16\ In the final rule, in order 
to be consistent with the statutory language, FHFA is removing the 
requirement that a regulated entity obtain FHFA's permission before 
combining its corrective plan with a capital restoration plan. However, 
FHFA notes that in certain cases, a capital restoration plan and a 
corrective plan may well have little in common to justify their 
combination or may present matters that must be addressed on different 
timeframes. For example, a corrective plan will set out the actions 
that a regulated entity plans to take in order to conform its practices 
to one or more of the prudential standards and the timeframe for doing 
so. A capital restoration plan will address matters relating to the 
capital adequacy and may present issues of more compelling urgency that 
must be addressed before any other supervisory matters. In any

[[Page 33955]]

cases where combining a corrective plan and capital restoration plan 
would not be effective, FHFA may decline to consider a corrective plan 
as part of a capital restoration plan. Because the HERA amendments are 
permissive in nature, providing that a regulated entity ``may'' submit 
a corrective plan as part of a capital restoration plan, FHFA believes 
that it need not consider the two plans together if it believes there 
are valid supervisory reasons for evaluating them separately. Thus, 
FHFA expects that any undercapitalized entity that is contemplating 
submitting combined plans should first consult with FHFA to determine 
whether it would have any supervisory reasons for objecting to that 
approach. Furthermore, for similar reasons as stated above, FHFA has 
retained the requirement that a regulated entity obtain FHFA's 
permission before combining its corrective plan with another type of 
response to a supervisory action because FHFA believes that the 
discretion on whether it is desirable to combine a corrective plan with 
another type of response to a supervisory action, other than a capital 
restoration plan, must remain with FHFA. FHFA has made clarifying 
revisions to Sec.  1236.4(c)(2)(ii), which make clear that while it may 
be possible for a regulated entity to submit a corrective plan as part 
of a capital restoration plan, the corrective plan would not be ``part 
of'' a cease-and desist order, formal or informal agreement, or 
examination, even if it were to be submitted as part of a regulated 
entity's compliance with any such order, agreement, or response to an 
examination.
---------------------------------------------------------------------------

    \16\ See Joint Bank Letter at 6.
---------------------------------------------------------------------------

    Section 1236.4(e) addresses the period of time within which FHFA 
must act in response to the submission of a corrective plan. As a 
general matter, within thirty (30) calendar days of its receipt of a 
corrective plan, FHFA must notify the regulated entity of its decision 
on the plan (i.e., approval or denial), or of its need for additional 
information, or of its decision to extend the review period beyond 
thirty (30) calendar days. The Banks' letter requests that the decision 
to extend the review period be communicated in writing.\17\ FHFA is 
revising Sec.  1236.4(e) to adopt this suggestion.
---------------------------------------------------------------------------

    \17\ See Joint Bank Letter at 6.
---------------------------------------------------------------------------

3. Section 1236.5 (Failure To Submit a Corrective Plan, Noncompliance)
    The underlying statute sets forth certain actions that FHFA may 
take if a regulated entity has failed to timely submit an acceptable 
corrective plan or has failed to implement or otherwise comply with an 
approved corrective plan in any material respect. At a minimum, the 
Director must order the regulated entity to correct that deficiency. 
The Director also has the discretion under the statute to place limits 
on asset growth, require increases to capital, limit dividends and 
stock redemptions or repurchases, or require a minimum level of 
retained earnings, or take any other action that the Director deems 
would better carry out the purposes of the prudential standards 
statutory regime. 12 U.S.C. 4513b(b)(2)(B). The statute further 
provides that, if a regulated entity that has failed to submit or 
implement a corrective plan also has experienced ``extraordinary 
growth'' over the 18-month period preceding its failure to meet the 
Standards, the Director must impose at least one of the remedies listed 
above. Section 1236.5(a) and (b) of the proposed rule largely carried 
over those statutory requirements into the final rule.
    Freddie Mac's letter requests that materiality be factored into any 
determination of non-compliance with a corrective plan, and seeks 
clarification that any other remedy that the Director decides to impose 
must be deemed to be more effective than the five remedies listed in 
Sec.  1236.5(a).\18\ The Banks' letter requests that a regulated entity 
be afforded an opportunity to modify a corrective plan deemed 
unacceptable instead of being penalized for a failure to submit an 
acceptable plan.\19\ In response to Freddie Mac's comment, FHFA is 
revising Sec.  1236.5(a) to add in the words ``in any material 
respect'' in relation to a regulated entity's failure to implement an 
approved corrective plan, and is revising Sec.  1236.5(a)(6) to include 
language that any ``other actions'' that the Director may order must 
``better carry out'' the purposes of the statute, as that proviso also 
appears in the statute. FHFA also notes that it does not intend to 
penalize regulated entities that in good faith submit corrective plans 
that require modifications in order to be accepted by FHFA. FHFA would 
not deem a plan unacceptable unless a regulated entity fails to 
promptly modify it to provide for acceptable remediation, or submits a 
plan that is so significantly insufficient that it does not appear to 
be realistically susceptible of acceptable modification through the 
normal processes of discussion between a regulator and the regulated 
entity. With respect to the ``other actions'' that the Director may 
take under Sec.  1236.5(a)(6), FHFA does not interpret the ``better 
carry out'' proviso as requiring that any such ``other action'' must be 
taken in lieu of the enumerated remedies. Rather, FHFA believes that 
the proviso authorizes the Director to combine one or more of the 
enumerated remedies with any ``other action'' that the Director 
determines will better enable FHFA to ensure that the entity operates 
in accordance with the Standards.\20\
---------------------------------------------------------------------------

    \18\ See Freddie Letter at 4.
    \19\ See Joint Bank Letter at 7.
    \20\ As discussed in Section I.C. supra, the Banks requested 
that restrictions on increases in advances not be included as a 
possible remedy ordered by the Director. For the reasons previously 
stated, FHFA is not adopting the Banks' suggestion.
---------------------------------------------------------------------------

    Under Sec.  1236.5(c)(1), FHFA generally will notify a regulated 
entity that has failed to submit or implement a corrective plan of its 
intent to issue an order requiring the regulated entity to take 
corrective action. However, if the circumstances so require, Sec.  
1236.5(c)(4) provides that FHFA need not provide advance notice and may 
instead require a regulated entity immediately to take or refrain from 
taking actions to correct its failure to meet one or more of the 
Standards. Within fourteen (14) calendar days of the issuance of such 
an immediately effective order, unless otherwise specified by FHFA, a 
regulated entity may appeal the order in writing. FHFA will act on an 
appeal within sixty (60) days, during which time the order will remain 
in effect unless FHFA stays its effectiveness.
    The Banks have requested that FHFA clarify the circumstances under 
which the Director may invoke the provision in Sec.  1236.5(c)(4) and 
issue an immediately effective order. The Banks also believe that the 
sixty (60) days granted to FHFA to act on an appeal is too lengthy, 
especially when compared to the fourteen (14) days granted to a 
regulated entity to appeal an immediately effective order.\21\ FHFA 
believes that it is impractical to specify in advance all of the 
circumstances under which an immediately effective order might be 
necessary, and that the rule must allow the Director sufficient 
latitude to respond to various types of circumstances that may require 
immediate corrective action. Furthermore, FHFA believes that the 
safeguards provided by the appeal process, including the proposed time 
frames, as proposed, are appropriate.
---------------------------------------------------------------------------

    \21\ See Join Bank Letter at 7-8.
---------------------------------------------------------------------------

4. Standard 1 (Internal Controls and Information Systems) \22\
---------------------------------------------------------------------------

    \22\ The Joint Bank Letter cites several specific provisions in 
the Standards that the Banks believe either overlap or conflict with 
existing regulations. The issue of conflicts with regulations is 
addressed in section II.B.3. supra. Similarly, the Joint Bank 
Letter, the Fannie Mae Letter, and the Freddie Mac Letter cite 
several specific Standards in relation to corporate governance 
issues. Those comments are addressed comprehensively in section 
II.B.1. supra.
---------------------------------------------------------------------------

    The Banks and Freddie Mac both requested revisions to Standard 1,

[[Page 33956]]

believing that the scope of Principle 2 of proposed Standard 1, which 
requires the board of directors of a regulated entity to review and 
approve the overall business strategy and significant policies of the 
regulated entity, is overly broad. The Banks' letter suggests that the 
term ``significant policies'' should be defined only as internal 
controls that must be approved by the audit committee under the 
Sarbanes-Oxley Act, while Freddie Mac's letter suggests that the 
principle be limited to corporate governance rules of the national 
securities exchanges where a regulated entity's securities are 
listed.\23\ FHFA believes that having board-approved business 
strategies and significant policies are a key starting point for having 
effective internal controls and that narrowing the scope of Principle 2 
in the manner suggested would unnecessarily weaken the effectiveness of 
the principle.\24\
---------------------------------------------------------------------------

    \23\ See Joint Bank Letter at 8 and Freddie Letter at 2.
    \24\ In the final rule, proposed Principle 2 has been 
consolidated with proposed Principles 1, 3, and 4 into a final 
Principle 1. Portions of proposed Principle 2, including the 
requirement to review ``significant policies,'' have been relocated 
to part 1 of the general responsibilities section of the Standards 
in the final rule.
---------------------------------------------------------------------------

    Freddie Mac's letter states that proposed Principle 3, which 
requires the board of directors of a regulated entity to approve the 
entity's organizational structure, is too vague and overly burdensome. 
Freddie suggests either eliminating the principle or limiting its 
scope.\25\ FHFA disagrees with Freddie Mac's assessment and believes 
that, as drafted, the principle is an appropriate means to ensure that 
regulated entities have appropriate organizational structures that are 
part of a robust internal control function.\26\
---------------------------------------------------------------------------

    \25\ See Freddie Letter at 2.
    \26\ In the final rule, the substance of proposed Principle 3 
has been consolidated with proposed Principles 1, 2, and 4 into 
final Principle 1.
---------------------------------------------------------------------------

    In their letter, the Banks argue that the requirement to have a 
formal self-assessment process to monitor internal controls under 
proposed Principle 12 is redundant in light of the fact that the Banks 
must comply with Sarbanes-Oxley Act requirements relating to internal 
controls.\27\ However, the scope of Principle 12 is broader than the 
scope of the Sarbanes-Oxley requirements, as those requirements address 
internal controls for financial reporting, whereas Principle 12 is 
designed to address all types of internal controls. Therefore, FHFA 
does not believe that Principle 12 is redundant and is adopting it as 
proposed.\28\
---------------------------------------------------------------------------

    \27\ See Joint Bank Letter at 8.
    \28\ In the final rule, FHFA has consolidated proposed 
Principles 5 and 6 into final Principle 2; proposed Principles 7 
through 12 have been consolidated into final Principles 4 and 5 and 
certain concepts from those principles have been relocated to parts 
1 and 5 of the general responsibilities section. FHFA also made 
clarifying changes to proposed Principle 13 and renumbered it and 
other principles accordingly.
---------------------------------------------------------------------------

5. Standard 2 (Independence and Adequacy of Internal Audit Systems)
    The Banks have requested that proposed Principle 5, relating to 
internal audit systems, use the term ``testing'' instead of 
``monitoring'' because the Banks believe that audits are designed to 
test and not provide ongoing monitoring.\29\ Freddie Mac believes that 
the term ``internal audit system'' should be changed to ``internal 
audit function'' to avoid any suggestion that ``system'' means a fully 
automated system.\30\ FHFA is adopting both of these suggestions. In 
addition, FHFA is changing proposed Principle 10, in response to a 
comment by the Banks, to clarify the scope of the responsibilities of 
the internal audit department. This revision removes a requirement that 
the audit department must ``ensure'' that certain violations or 
findings are satisfactorily resolved because the auditors do not have 
operational responsibilities and thus cannot act to ``resolve'' the 
underlying matters. As revised, the Standard requires the audit 
department to determine whether the responsible parties within the 
organization have addressed the violations or findings.
---------------------------------------------------------------------------

    \29\ See Joint Bank Letter at 8.
    \30\ See Freddie Letter at 2.
---------------------------------------------------------------------------

6. Standard 3 (Management of Market Risk Exposure)
    Fannie Mae believes that proposed Principle 1, relating to market 
risk exposure, is redundant because proposed Principle 7, which 
requires the board of directors or a committee of the board to review 
risk exposures periodically, and proposed Principle 6 under Standard 8, 
which requires, among other things, that the board of directors and 
senior management be provided with accurate and timely reports on 
market risk exposure, sufficiently address the issue of market 
risk.\31\ FHFA believes that proposed Principle 1 is broader and 
different in focus than the other principles cited by Fannie Mae and 
should not be repealed. However, in an effort to streamline the board 
of responsibility requirements, the substance of proposed Principles 2, 
3, 4, 5, 6, and 7 have been merged into final Principles 2 and 3 and 
certain concepts have been relocated to parts 1 and 4 of the general 
responsibilities section.
---------------------------------------------------------------------------

    \31\ See Fannie Letter at 2-3.
---------------------------------------------------------------------------

    Proposed Principle 11 requires senior management to ensure that a 
regulated entity's policies and procedures identify remedial actions to 
be taken in the event that market risk limits are violated. The Banks 
argue that a particular future remedial action to be taken in response 
to a violation of the market risk limitations cannot be predetermined, 
and thus should not be required to be stated in their policies and 
procedures.\32\ In response to the comment, FHFA has revised the 
principle to require that if a market risk limit is breached, the board 
of directors must ensure that appropriate remedial action is taken.\33\ 
The Banks' letter asks FHFA to clarify that under proposed Principle 
12, which requires senior management to keep the board of directors 
sufficiently informed about market risk exposures, satisfactory 
monitoring by the board would generally include periodic monitoring of 
established market risk tolerances and limits and exception-based 
reporting.\34\ Although the actions identified by the Banks' letter may 
well be part of an acceptable process for identifying and managing 
market risk exposure, FHFA does not believe that it would be 
appropriate to specify that these particular actions would be 
sufficient to demonstrate compliance with the Standard. Because the 
level of market risk may vary from regulated entity to regulated 
entity, FHFA believes that the language of the proposed standard, which 
requires that the information provided to the board be sufficient for 
it to meaningfully assess market risk exposures, is a better approach. 
Accordingly, the final rule does not include the requested change. FHFA 
has, however, streamlined proposed Principles 3, 4, 5, 8, 9, 10, 12 and 
13 (which are now final Principles 3, 5, 6) and moved certain concepts 
to items 4, 6, and 8 of the general responsibilities section of the 
Standards.
---------------------------------------------------------------------------

    \32\ See Joint Bank Letter at 9.
    \33\ The substance of proposed Principle 11 has been reorganized 
into final Principles 2 and 6.
    \34\ See Joint Bank Letter at 9.
---------------------------------------------------------------------------

7. Standard 4 (Management of Market Risk--Measurement Systems, Risk 
Limits, Stress Testing, and Monitoring and Reporting)
    Proposed Principle 3 requires that a regulated entity's market risk

[[Page 33957]]

measurement system be capable of valuing all financial assets and 
liabilities in the entity's portfolio. The Banks' letter requests 
further clarification of the terms ``financial assets and 
liabilities.'' \35\ FHFA believes that these terms are widely 
understood and do not require additional clarification.
---------------------------------------------------------------------------

    \35\ See Joint Bank Letter at 9.
---------------------------------------------------------------------------

8. Standard 5 (Adequacy and Maintenance of Liquidity and Reserves)
    Proposed Principle 1 of this Standard requires a regulated entity's 
board to approve, at least annually, all major strategies and policies 
governing liquidity and reserves. The Banks' letter notes that Finance 
Board regulations Sec.  917.3(a)(2) and 917.3(b)(3)(iii) require the 
boards of directors of the Banks to review the risk management policy 
annually and re-adopt such policy at least every three years, which the 
Banks view as a direct conflict.\36\ FHFA does not believe that the 
regulations directly conflict with Principle 1 because the annual 
approval contemplated by the Standard would satisfy the requirement 
that the boards re-adopt policies at least every three years. However, 
FHFA has streamlined proposed Principles 1 and 2 into final Principle 
1, streamlined proposed Principles 3 and 4 into final Principle 2, and 
relocated some of the requirements to parts 1 and 2 of the general 
responsibilities section of the Standards.
---------------------------------------------------------------------------

    \36\ See Joint Bank Letter at 9.
---------------------------------------------------------------------------

9. Standard 6 (Management of Asset and Investment Portfolio Growth)
    Proposed Principle 2 generally requires the board of directors to 
establish policies governing asset and investment growth, including 
limits on growth of mortgage loans and mortgage-backed securities. The 
Banks asked that FHFA revise this provision to make clear that it is 
not intended to apply to the growth of advances or letters of credits 
by the Banks.\37\ FHFA has decided not to make any changes to the text 
of the principle to exempt advances and standby letters of credit from 
these requirements because it believes that the Banks should monitor 
growth in those products to ensure that the Banks are not taking any 
undue risks. That said, the requirement that the Banks must have 
policies relating to growth in advances and letters of credit does not 
mean that the Banks must establish numerical limits for those products. 
Instead, it would be sufficient for the Banks to have policies that 
link growth in advances and letters of credit to factors such as the 
financial condition of the members, the amount and quality of the 
collateral, the members' collateral management practices, and prudent 
underwriting standards. FHFA notes that it has combined proposed 
Principles 1 and 2 into final Principle 1; streamlined proposed 
Principles 3 and 4 (renumbered as final Principles 2 and 3); moved 
certain concepts in proposed Principles 1, 2, and 3 to items 1, 2, and 
5 in the general responsibilities section of the Standards; and 
reorganized the subheadings in Standard 6.
---------------------------------------------------------------------------

    \37\ See Joint Bank Letter at 9-10.
---------------------------------------------------------------------------

10. Standard 7 (Investments and Acquisitions of Assets)
    Proposed Standard 7 implements a statutory requirement that FHFA 
adopt Standards that relate to a regulated entity's ``investments and 
acquisitions of assets'' to ensure that they are consistent with the 
regulated entity's chartering statute and the Safety and Soundness Act. 
Several principles under Standard 7 utilize the terms ``investments'' 
and ``other assets,'' neither of which is defined, and Freddie Mac has 
asked that FHFA clarify the meaning of ``other assets.'' \38\ FHFA 
considers ``investments'' to mean all assets held by the regulated 
entity for the purpose of yielding a return but that are not related to 
its core mission as a GSE. In the case of the Banks, ``investments'' 
would include things such as federal funds sold, repurchase agreements, 
and investment securities. In the case of the Enterprises, investments 
would include things such as federal funds and investment securities. 
``Other assets'' are all assets held by the regulated entity other than 
``investments,'' including mission related assets such as advances and 
acquired member assets in the case of the Banks and mortgage loans in 
the case of the Enterprises. FHFA notes that the final rule has 
streamlined proposed Principles 1 and 2 into final Principle 1 and 
replaced a subheading within Standard 7.
---------------------------------------------------------------------------

    \38\ See Freddie Mac Letter at 3.
---------------------------------------------------------------------------

11. Standard 8 (Overall Risk Management Processes)
    The final rule revises proposed Principle 11 (renumbered as final 
Principle 5) to state that the chief risk officer should report 
directly to both the chief executive officer and the risk committee of 
the board of directors. This change is being made to conform proposed 
Principle 11 to the recommended practices issued by other financial 
regulators.\39\ The final rule also combines proposed Principles 1 
through 4 into final Principle 1 and proposed Principles 5 through 8 
into final Principle 2 and certain concepts from these principles have 
been relocated to items 2 and 4 of the general responsibilities section 
of the Standards.
---------------------------------------------------------------------------

    \39\ Proposed Principle 11 has been renumbered as final 
Principle 5.
---------------------------------------------------------------------------

12. Standard 9 (Management of Credit Counterparty Risk)
    In light of a pending joint rulemaking on derivative instruments by 
the Commodity Futures Trading Commission (``CFTC'') and the Securities 
and Exchange Commission (``SEC''), the Banks' letter requests that FHFA 
suspend proposed Principle 2, relating to policies and procedures for 
the use of derivative instruments, until the completion of the CFTC and 
SEC rulemaking.\40\ FHFA has decided not to suspend this principle 
until the joint rulemaking is complete because the Banks currently use 
derivative instruments and should already have appropriate derivative 
policies in place, even in the absence of final rulemaking by the CFTC 
and SEC. FHFA expects that those policies will need to be modified 
after the issuance of final rules by the CFTC and SEC relating to the 
use of clearinghouses and exchanges for derivatives trades.\41\
---------------------------------------------------------------------------

    \40\ See Joint Bank Letter at 10.
    \41\ Proposed Principles 1, 2, and 3 have been streamlined and 
combined into final Principle 1 and certain concepts have been 
relocated to items 1 and 2 of the general responsibilities section 
of the Standards.
---------------------------------------------------------------------------

    Proposed Principle 4 \42\ requires senior management to brief the 
board regularly on a regulated entity's credit exposure including, 
among other things, ``problem credits,'' and proposed Principle 10 
requires entities to have policies for addressing such ``problem 
credits.'' The Banks' letter requests that FHFA exclude advances from 
the scope of the term ``problem credits'' because the Banks have never 
sustained any credit losses on advances. The Banks further argue that 
the programs that they currently have in place to assess, monitor, 
measure, and report credit risk are sufficient.\43\ As previously 
noted, the historical absence of credit losses on advances does not 
guarantee that there will be no future losses and does not justify 
excluding advances from the scope of Principles 4 and 10.\44\
---------------------------------------------------------------------------

    \42\ Proposed Principle 4 has been streamlined and renumbered as 
final Principle 2.
    \43\ See Joint Bank Letter at 10.
    \44\ In order to streamline Standard 9, the requirement to 
address problem credits has been removed from Principle 4 but still 
exists in Principle 8 (formerly Principle 10).
---------------------------------------------------------------------------

    The Banks again cite the historical absence of credit losses on 
advances to argue that proposed Principle 5

[[Page 33958]]

(renumbered as final Principle 3), which requires a regulated entity to 
have policies that limit concentrations of credit risk and systems that 
can identify such concentrations, should not apply to them.\45\ For the 
same reasons discussed in the previous paragraph, FHFA believes that 
proposed Principle 5 should apply to all regulated entities. 
Concentrations of credit risk for the Banks may be present in their 
advances business as well as in other areas of their business, such as 
extensions of unsecured credit and derivatives transactions, as well as 
the investment portfolio. The existence of those other sources of risk 
requires that the Banks have systems in place that can identify such 
concentration of risk, as well as policies to limit those concentration 
risks. Although the secured nature of advances and the lien priority 
that is afforded to the Banks lessen the risks to a Bank resulting from 
a concentration of advances to certain borrowers, the risks exist and 
the Banks should have in place policies for addressing them. Given the 
unique nature of advances and the Banks' cooperative business model, 
FHFA expects that a Bank's policies and limits relating to 
concentrations arising from its advances business may well differ from 
those relating to concentrations arising from other sources.
---------------------------------------------------------------------------

    \45\ See Joint Bank Letter at 11.
---------------------------------------------------------------------------

    MICA's letter suggests that FHFA expand proposed Principle 8 
(renumbered as final Principle 6) to not only require that regulated 
entities have procedures and policies in place to make informed credit 
decisions at the outset, but to also require that such procedures are 
employed on an ongoing basis and include the use of back-testing to 
ensure that the initial credit decisions are validated and to reveal 
any need for further improvement in credit-risk protocols.\46\ FHFA 
does not believe that the extra procedures requested by MICA are 
necessary at this time.
---------------------------------------------------------------------------

    \46\ See MICA Letter at 2.
---------------------------------------------------------------------------

    Proposed Principle 11 (renumbered as final Principle 9) requires a 
regulated entity to have a system of independent, ongoing credit 
review, including stress testing and scenario analysis. The Banks' 
letter seeks clarification of the scope of the term ``independent 
ongoing credit review.'' \47\ In response to the comment, FHFA is 
revising Principle 11 to more specifically identify the type of ongoing 
credit review program envisioned by this principle.
---------------------------------------------------------------------------

    \47\ See Joint Bank Letter at 11.
---------------------------------------------------------------------------

13. Standard 10 (Maintenance of Adequate Records)
    In response to a comment from the Banks, FHFA is changing the term 
``records management plan'' to ``record retention program'' in proposed 
Principle 3 \48\ to better align it with the terminology of part 1235 
of the FHFA regulations (12 CFR part 1235), which addresses record 
retention requirements for the regulated entities.\49\ In response to a 
comment from Freddie Mac, FHFA is modifying proposed Principle 4 to 
make it clear that the scope of the records management plan includes 
all records and not just the records of the board of directors.\50\ 
Lastly, in response to a comment by the Banks requesting clarification 
as to what type of ``reporting errors'' or ``irregularities'' must be 
detected and corrected, FHFA is revising proposed Principle 5 to delete 
the term ``irregularities.'' \51\ FHFA believes that the term 
``reporting errors'' is sufficiently clear. The final rule also deletes 
the subheading that appears before proposed Principle 6.
---------------------------------------------------------------------------

    \48\ The numbering of the principles in Standard 10 has not 
changed from the proposed rule to the final rule.
    \49\ See Joint Bank Letter at 11.
    \50\ See Freddie Mac Letter at 3.
    \51\ See Joint Bank Letter at 11.
---------------------------------------------------------------------------

D. Introduction--General Responsibilities for Boards and Management

    As discussed previously, the final version of the Standards 
includes an introductory section dealing with the general 
responsibilities of the boards and management of the regulated 
entities. That new section consists of the following three parts: 
Responsibilities of the board of directors, responsibilities of senior 
management, and joint responsibilities of the board and senior 
management. Each section is compiled from concepts that had been 
included as part of the Principles under most of the 10 proposed 
Standards. FHFA believes that grouping these generally applicable board 
of directors and senior management responsibilities in an introductory 
section, rather than dispersing them over 10 separate Standards, 
improves the presentation and clarity of the Standards. As stated 
previously, the introductory section is intended to provide an overview 
of what FHFA believes to be typical director and officer 
responsibilities in the context of financial institutions generally, as 
well as in the context of the Standards.
1. Board of Director Responsibilities
    Items 1 through 4 of the general responsibilities section address 
responsibilities of boards of directors. Item 1 requires the board of 
directors, with respect to each subject matter addressed by each 
Standard, to adopt appropriate business strategies, policies, and 
procedures. It also requires boards to review such strategies, policies 
and procedures periodically and approve all major strategies, policies, 
and procedures annually. The next item addresses the board's 
responsibility in overseeing management and ensuring that management 
includes qualified personnel. Items 3 and 4 require boards to remain 
informed about the operations of a regulated entity and about specific 
risks and exposures, including market, credit, and counterparty risk. 
These items also address the need to establish risk tolerances and 
remedy any violation of those risk limits.
2. Senior Management Responsibilities
    Items 5 through 8 of the general responsibilities section address 
the responsibilities of senior management of the regulated entities. 
Item 5 requires senior management, with respect to each subject matter 
addressed by each Standard, to develop the policies, procedures, and 
practices that are necessary to implement the business strategies and 
policies adopted by the board of directors. Senior management should 
also ensure that the policies, procedures, and practices are followed 
by all personnel and that such personnel are competent and 
appropriately trained. Item 6 requires senior management to ensure that 
the regulated entity has adequate resources, systems, and controls to 
effectively execute the entity's business strategies, policies and 
procedures, including operating consistently with each of the 
Standards. The last two items, 7 and 8, address the need for senior 
management to keep the board of directors informed through periodic 
reports and discussions.
3. Joint Responsibilities
    Items 9 and 10 (formerly Principle 13 of proposed Standard 1 and 
Principle 7 of proposed Standard 8, respectively) of the general 
responsibilities section require the board of directors and senior 
management to conduct themselves in a manner that promotes high ethical 
standards and a culture of compliance throughout the organization. The 
board of directors and senior management are also required to ensure 
that the regulated entity's overall risk profile is aligned with its 
mission objectives.

[[Page 33959]]

III. Paperwork Reduction Act

    The final rule does not contain any information collection 
requirement that requires the approval of the Office of Management and 
Budget under the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et 
seq.).

IV. Regulatory Flexibility Act

    The final rule applies only to the Banks and the Enterprises, which 
do not come within the meaning of small entities as defined in the 
Regulatory Flexibility Act (5 U.S.C. 601 et seq.). See 5 U.S.C. 650(b). 
Therefore, FHFA certifies that this final rule will not have 
significant economic impact on a substantial number of small entities.

List of Subjects in 12 CFR Part 1236

    Administrative practice and procedure, Federal home loan banks, 
Government-sponsored enterprises, Reporting and recordkeeping 
requirements.

    For the reasons stated in the Supplementary Information, FHFA 
amends chapter XII of title 12 of the Code of Federal Regulations by 
adding part 1236 to subchapter B to read as follows:

PART 1236--PRUDENTIAL MANAGEMENT AND OPERATIONS STANDARDS

Sec.
1236.1 Purpose.
1236.2 Definitions.
1236.3 Prudential standards as guidelines.
1236.4 Failure to meet a standard; corrective plans.
1236.5 Failure to submit a corrective plan; noncompliance.
Appendix to Part 1236--Prudential Management and Operations 
Standards

    Authority: 12 U.S.C. 4511, 4513(a) and (f), 4513b, and 4526.


Sec.  1236.1  Purpose.

    This part establishes the prudential management and operations 
standards that are required by 12 U.S.C. 4513b and the processes by 
which FHFA can notify a regulated entity of its failure to operate in 
accordance with the standards and can direct the entity to take 
corrective action. This part further specifies the possible 
consequences for any regulated entity that fails to operate in 
accordance with the standards or otherwise fails to comply with this 
part.


Sec.  1236.2  Definitions.

    Unless otherwise indicated, terms used in this part have the 
meanings that they have in the Federal Housing Enterprises Financial 
Safety and Soundness Act, 12 U.S.C. 4501 et seq., or the Federal Home 
Loan Bank Act, 12 U.S.C. 1421 et seq.
    Extraordinary growth--(1) For purposes of 12 U.S.C. 4513b(b)(3)(C), 
means:
    (i) With respect to a Bank, growth of non-advance assets in excess 
of 30 percent over the six calendar quarter period preceding the date 
on which FHFA notified the Bank that it was required to submit a 
corrective plan; and
    (ii) With respect to an Enterprise, quarterly non-annualized growth 
of assets in excess of 7.5 percent in any calendar quarter during the 
six calendar quarter period preceding the date on which FHFA notified 
the Enterprise that it was required to submit a corrective plan.
    (2) For purposes of calculating an increase in assets, assets 
acquired through merger or acquisition approved by FHFA are not to be 
included.
    FHFA means the Federal Housing Finance Agency.
    Standards means any one or more of the prudential management and 
operations standards established by the Director pursuant to 12 U.S.C. 
4513b(a), as modified from time to time pursuant to Sec.  1236.3(b).


Sec.  1236.3  Prudential standards as guidelines.

    (a) The Standards constitute the prudential management and 
operations standards required by 12 U.S.C. 4513b.
    (b) The Standards have been adopted as guidelines, as authorized by 
12 U.S.C. 4513b(a), and the Director may modify, revoke, or add to the 
Standards, or any one or more of them, at any time by order or notice.
    (c) In the case of a direct conflict between a Standard and an FHFA 
regulation, when it is not possible to comply with both the Standard 
and the FHFA regulation, the regulation shall control.
    (d) Failure to meet any Standard may constitute an unsafe and 
unsound practice for purposes of the enforcement provisions of 12 
U.S.C. chapter 46, subchapter III.


Sec.  1236.4  Failure to meet a standard; corrective plans.

    (a) Determination. FHFA may, based upon an examination, inspection 
or any other information, determine that a regulated entity has failed 
to meet one or more of the Standards.
    (b) Submission of corrective plan. If FHFA determines that a 
regulated entity has failed to meet any Standard, FHFA may require the 
entity to submit a corrective plan, in which case FHFA shall, by 
written notice, inform the regulated entity of that determination and 
the requirement to submit a corrective plan.
    (c) Corrective plans.--(1) Contents of plan. A corrective plan 
shall describe the actions the regulated entity will take to correct 
its failure to meet any one or more of the Standards, and the time 
within which each action will be taken.
    (2) Filing deadline.--(i) In general. A regulated entity must file 
a written corrective plan with FHFA within thirty (30) calendar days of 
being notified by FHFA of its failure to meet a Standard and need to 
file a corrective plan, unless FHFA notifies the regulated entity in 
writing that the plan must be filed within a different time period.
    (ii) Other plans. If a regulated entity must file a capital 
restoration plan submitted pursuant to 12 U.S.C. 4622, it may submit 
the corrective plan required under this section as part of the capital 
restoration plan, subject to the deadline in paragraph (c)(2)(i) of 
this section. If a regulated entity currently is operating under a 
cease-and-desist order entered into pursuant to 12 U.S.C. 4631 or 4632, 
or a formal or informal agreement, or must file a response to a report 
of examination or report of inspection, it may, with the permission of 
FHFA, submit the corrective plan required under this section as part of 
the regulated entity's compliance with that order, agreement or 
response, subject to the deadline in paragraph (c)(2)(i) of this 
section, but the corrective plan would not become a part of the order, 
agreement, or response.
    (d) Amendment of corrective plan. A regulated entity that is 
operating in accordance with an approved corrective plan may submit a 
written request to FHFA to amend the plan as necessary to reflect any 
changes in circumstance. Until such time that FHFA approves a proposed 
amendment, the regulated entity must continue to operate in accordance 
with the terms of the corrective plan as previously approved.
    (e) Review of corrective plans and amendments. Within thirty (30) 
calendar days of receiving a corrective plan or proposed amendment to a 
plan, FHFA will notify the regulated entity in writing of its decision 
on the plan, will direct the regulated entity to submit additional 
information, or will notify the regulated entity in writing that FHFA 
has established a different deadline.


Sec.  1236.5  Failure to submit a corrective plan; noncompliance.

    (a) Remedies. If a regulated entity fails to submit an acceptable 
corrective plan under Sec.  1236.4(b), or fails in any material respect 
to implement or

[[Page 33960]]

otherwise comply with an approved corrective plan, FHFA shall order the 
regulated entity to correct that deficiency, and may:
    (1) Prohibit the regulated entity from increasing its average total 
assets, as defined in 12 U.S.C. 4516(b)(4), for any calendar quarter 
over its average total assets for the preceding calendar quarter, or 
may otherwise restrict the rate at which the average total assets of 
the regulated entity may increase from one calendar quarter to another;
    (2) Prohibit the regulated entity from paying dividends;
    (3) Prohibit the regulated entity from redeeming or repurchasing 
capital stock;
    (4) Require the regulated entity to maintain or increase its level 
of retained earnings;
    (5) Require an Enterprise to increase its ratio of core capital to 
assets, or require a Bank to increase its ratio of total capital, as 
defined in 12 U.S.C. 1426(a)(5), to assets; or
    (6) Require the regulated entity to take any other action that the 
Director determines will better carry out the purposes of the statute 
by bringing the regulated entity into conformance with the Standards.
    (b) Extraordinary growth. If a regulated entity that has failed to 
submit an acceptable corrective plan or has failed in any material 
respect to implement or otherwise comply with an approved corrective 
plan, also has experienced extraordinary growth, FHFA shall impose at 
least one of the sanctions listed in paragraph (a) of this section, 
consistently with the requirements of 12 U.S.C. 4513b(b)(3).
    (c) Orders.--(1) Notice. Except as provided in paragraph (c)(4) of 
this section, FHFA will notify a regulated entity in writing of its 
intent to issue an order requiring the regulated entity to correct its 
failure to submit or its failure in any material respect to implement 
or otherwise comply with an approved corrective plan. Any such notice 
will include:
    (i) A statement that the regulated entity has failed to submit a 
corrective plan under Sec.  1236.4, or has not implemented or otherwise 
has not complied in any material respect with an approved plan;
    (ii) A description of any sanctions that FHFA intends to impose 
and, in the case of the mandatory sanctions required by 12 U.S.C. 
4513b(b)(3), a statement that FHFA believes that the regulated entity 
has experienced extraordinary growth; and
    (iii) The proposed date when any sanctions would become effective 
or the proposed date for completion of any required actions.
    (2) Response to notice. A regulated entity may file a written 
response to a notice of intent to issue an order, which must be 
delivered to FHFA within fourteen (14) calendar days of the date of the 
notice, unless FHFA determines that a different time period is 
appropriate in light of the safety and soundness of the regulated 
entity or other relevant circumstances. The response should include:
    (i) An explanation why the regulated entity believes that the 
action proposed by FHFA is not an appropriate exercise of discretion;
    (ii) Any recommended modification of the proposed order; and
    (iii) Any other relevant information, mitigating circumstances, 
documentation or other evidence in support of the position of the 
regulated entity regarding the proposed order.
    (3) Failure to file response. A regulated entity's failure to file 
a written response within the specified time period will constitute a 
waiver of the opportunity to respond and will constitute consent to 
issuance of the order.
    (4) Immediate issuance of final order. FHFA may issue an order 
requiring a regulated entity immediately to take actions to correct a 
Standards deficiency or to take or refrain from taking other actions 
pursuant to paragraph (a) of this section. Within fourteen (14) 
calendar days of the issuance of an order under this paragraph, or 
other time period specified by FHFA, a regulated entity may submit a 
written appeal of the order to FHFA. FHFA will respond in writing to a 
timely filed appeal within sixty (60) days after receiving the appeal. 
During this period, the order will remain in effect unless FHFA stays 
the effectiveness of the order.
    (d) Request for modification or rescission of order. A regulated 
entity subject to an order under this part may submit a written request 
to FHFA for an amendment to the order to reflect a change in 
circumstance. Unless otherwise ordered by FHFA, the order shall 
continue in place while such a request is pending before FHFA.
    (e) Agency review and determination. FHFA will respond in writing 
within thirty (30) days after receiving a response or amendment 
request, unless FHFA notifies the regulated entity in writing that it 
will respond within a different time period. After considering a 
regulated entity's response or amendment request, FHFA may:
    (1) Issue the order as proposed or in modified form;
    (2) Determine not to issue the order and instead issue a different 
order; or
    (3) Seek additional information or clarification of the response 
from the regulated entity, or any other relevant source.

Appendix to Part 1236--Prudential Management and Operations Standards

General Responsibilities of the Board of Directors and Senior 
Management

    The following provisions address the general responsibilities of 
the boards of directors and senior management of the regulated 
entities as they relate to the matters addressed by each of the 
Standards. The descriptions are not a comprehensive listing of the 
responsibilities of either the boards or senior management, each of 
whom have additional duties and responsibilities to those described 
in these Standards.

Responsibilities of the Board of Directors

    1. With respect to the subject matter addressed by each 
Standard, the board of directors is responsible for adopting 
business strategies, policies, and procedures that are appropriate 
for the particular subject matter. The board should review all such 
strategies, policies, and procedures periodically, and should review 
and approve all major strategies and policies at least annually, and 
make any revisions that are necessary to ensure that they remain 
consistent with the entity's overall business plan.
    2. The board of directors is responsible for overseeing 
management of the regulated entity, which includes ensuring that 
management includes personnel who are appropriately trained and 
competent to oversee the operation of the regulated entity as it 
relates to the functions and requirements addressed by each 
Standard, and that management implements the policies and procedures 
set forth by the board.
    3. The board of directors is responsible for remaining informed 
about the operations and condition of the regulated entity, 
including operating consistently with the Standards, and senior 
management's implementation of the strategies, policies and 
procedures established by the board of directors.
    4. The board of directors must remain sufficiently informed 
about the nature and level of the regulated entity's overall risk 
exposures, including market, credit, and counterparty risk, so that 
it can understand the possible short- and long-term effects of those 
exposures on the financial health of the regulated entity, including 
the possible short- and long-term consequences to earnings, 
liquidity, and economic value. The board of directors should: 
establish the regulated entity's risk tolerances and should provide 
management with clear guidance regarding the level of acceptable 
risks; review the regulated entity's entire market risk management 
framework, including policies and entity-wide risk limits at least 
annually; oversee the adequacy of the actions taken by senior 
management to identify, measure, manage, and control the regulated 
entity's risk exposures; and ensure that management takes 
appropriate corrective measures whenever market risk limit 
violations or breaches occur.

[[Page 33961]]

Responsibilities of Senior Management

    5. With respect to the subject matter addressed by each 
Standard, senior management is responsible for developing the 
policies, procedures and practices that are necessary to implement 
the business strategies and policies adopted by the board of 
directors. Senior management should ensure that such items are 
clearly written, sufficiently detailed, and are followed by all 
personnel. Senior management also should ensure that the regulated 
entity has personnel who are appropriately trained and competent to 
carry out their respective functions and that all delegated 
responsibilities are performed.
    6. Senior management should ensure that the regulated entity has 
adequate resources, systems and controls available to execute 
effectively the entity's business strategies, policies and 
procedures, including operating consistently with each of the 
Standards.
    7. Senior management should provide the board of directors with 
periodic reports relating to the regulated entity's condition and 
performance, including the subject matter addressed by each of the 
Standards, that are sufficiently detailed to allow the board of 
directors to remain fully informed about the business of the 
regulated entity.
    8. Senior management should regularly review and discuss with 
the board of directors information regarding the regulated entity's 
risk exposures that is sufficient in detail and timeliness to permit 
the board of directors to understand and assess the performance of 
management in identifying and managing the various risks to which 
the regulated entity is exposed.

Responsibilities of the Board of Directors and Senior Management

    9. The board of directors and senior management should conduct 
themselves in such a manner as to promote high ethical standards and 
a culture of compliance throughout the organization.
    10. The board of directors and senior management should ensure 
that the regulated entity's overall risk profile is aligned with its 
mission objectives.
    The following provisions constitute the prudential management 
and operations standards established pursuant to 12 U.S.C. 4513b(a).

Standard 1--Internal Controls and Information Systems

Responsibilities of the Board of Directors

    1. Regarding internal controls and information systems, the 
board of directors of each regulated entity should adopt appropriate 
policies, ensure personnel are appropriately trained and competent, 
approve and periodically review overall business strategies, approve 
the organizational structure, and assess the adequacy of senior 
management's oversight of this function.

Responsibilities of Senior Management

    2. Regarding internal controls and information systems, senior 
management should implement strategies and policies approved by the 
board of directors, establish appropriate policies, monitor the 
adequacy and effectiveness of this function, and ensure personnel 
are appropriately trained and competent. The organizational 
structure should clearly assign responsibility, authority, and 
reporting relationships.

Responsibilities of the Board of Directors and Senior Management

    3. Regarding internal controls and information systems, both the 
board of directors and senior management should promote high ethical 
standards, create a culture that emphasizes the importance of this 
function, and promptly address any issues in need of remediation.

Framework

    4. The regulated entity should have an adequate and effective 
system of internal controls, which should include a board approved 
organizational structure that clearly assigns responsibilities, 
authority, and reporting relationships, and establishes an 
appropriate segregation of duties that ensures that personnel are 
not assigned conflicting responsibilities.
    5. The regulated entity should establish appropriate internal 
control policies and should monitor the adequacy and effectiveness 
of its internal controls and information systems on an ongoing basis 
through a formal self-assessment process.
    6. The regulated entity should have an organizational culture 
that emphasizes and demonstrates to personnel at all levels the 
importance of internal controls.
    7. The regulated entity should address promptly any violations, 
findings, weaknesses, deficiencies, and other issues in need of 
remediation relating to the internal control systems.

Risk Recognition and Assessment

    8. A regulated entity should have an effective risk assessment 
process that ensures that management recognizes and continually 
assesses all material risks, including credit risk, market risk, 
interest rate risk, liquidity risk, and operational risk.

Control Activities and Segregation of Duties

    9. A regulated entity should have an effective internal control 
system that defines control activities at every business level.
    10. A regulated entity's control activities should include:
    a. Board of directors and senior management reviews of progress 
toward goals and objectives;
    b. Appropriate activity controls for each business unit;
    c. Physical controls to protect property and other assets and 
limit access to property and systems;
    d. Procedures for monitoring compliance with exposure limits and 
follow-up on non-compliance;
    e. A system of approvals and authorizations for transactions 
over certain limits; and
    f. A system for verification and reconciliation of transactions.

Information and Communication

    11. A regulated entity should have information systems that 
provide relevant, accurate and timely information and data.
    12. A regulated entity should have secure information systems 
that are supported by adequate contingency arrangements.
    13. A regulated entity should have effective channels of 
communication to ensure that all personnel understand and adhere to 
policies and procedures affecting their duties and responsibilities.

Monitoring Activities and Correcting Deficiencies

    14. A regulated entity should monitor the overall effectiveness 
of its internal controls and key risks on an ongoing basis and 
ensure that business units and internal and external audit conduct 
periodic evaluations.
    15. Internal control deficiencies should be reported to senior 
management and the board of directors on a timely basis and 
addressed promptly.

Applicable Laws, Regulations, and Policies

    16. A regulated entity should comply with all applicable laws, 
regulations, and supervisory guidance (e.g., advisory bulletins) 
governing internal controls and information systems.

Standard 2--Independence and Adequacy of Internal Audit Systems

Audit Committee

    1. A regulated entity's board of directors should have an audit 
committee that exercises proper oversight and adopts appropriate 
policies and procedures designed to ensure the independence of the 
internal audit function. The audit committee should ensure that the 
internal audit department includes personnel who are appropriately 
trained and competent to oversee the internal audit function.
    2. The board of directors should review and approve the audit 
committee charter at least every three years.
    3. The audit committee of the board of directors is responsible 
for monitoring and evaluating the effectiveness of the regulated 
entity's internal audit function.
    4. Issues reported by the internal audit department to the audit 
committee should be promptly addressed and satisfactorily resolved.

Internal Audit Function

    5. A regulated entity should have an internal audit function 
that provides for adequate testing of the system of internal 
controls.
    6. A regulated entity should have an independent and objective 
internal audit department that reports directly to the audit 
committee of the board of directors.
    7. A regulated entity's internal audit department should be 
adequately staffed with properly trained and competent personnel.
    8. The internal audit department should conduct risk-based 
audits.
    9. The internal audit department should conduct adequate testing 
and review of internal control and information systems.
    10. The internal audit department should determine whether 
violations, findings, weaknesses and other issues reported by 
regulators, external auditors, and others have been promptly 
addressed.

[[Page 33962]]

Applicable Laws, Regulations, and Policies

    11. A regulated entity should comply with applicable laws, 
regulations, and supervisory guidance (e.g., advisory bulletins) 
governing the independence and adequacy of internal audit systems.

Standard 3--Management of Market Risk Exposure

Responsibilities of the Board of Directors

    1. Regarding the overall management of market risk exposure, the 
board of directors should remain sufficiently informed about the 
nature and level of the regulated entity's market risk exposures. At 
least annually, the board should review the entire market risk 
framework, including policies and risk limits, and provide an 
assessment of compliance.
    2. Regarding the policies, practices and procedures surrounding 
the management of market risk, the board of directors should approve 
all major strategies and policies relating to the management of 
market risk, ensure all major strategies and policies are consistent 
with the overall business plan, establish and communicate a market 
risk tolerance, and ensure appropriate corrective measures are taken 
when market risk limit violations or breaches occur.
    3. The board, or a board appointed committee, should oversee the 
adequacy of actions taken by senior management to identify, measure, 
manage, and control market risk exposures, ensure market risk 
policies establish lines of authority and responsibility, and review 
risk exposures on a periodic basis.

Responsibilities of Senior Management

    4. Regarding the overall management of market risk exposure, 
senior management should provide sufficient and timely information 
to the board of directors, ensure personnel are appropriately 
trained and competent, ensure adequate systems and resources are 
available to manage and control market risk, report any breaches to 
the board of directors (or the appropriate board committee), and 
take appropriate remedial action.
    5. Regarding the policies, practices, and procedures surrounding 
market risk exposure, senior management should ensure market risk 
policies and procedures are clearly written, sufficiently detailed, 
and followed. Approved policies and procedures should include clear 
market risk limits and lines of authority for managing market risk.

Market Risk Strategy

    6. A regulated entity should have a clearly defined and well-
documented strategy for managing market risk, which must be 
consistent with its overall business plan, must enable the regulated 
entity to identify, manage, monitor, and control the regulated 
entity's risk exposures on a business unit and an enterprise-wide 
basis, and must ensure that the lines of authority and 
responsibility for managing market risk and monitoring market risk 
limits are clearly identified. The strategy should specify a target 
account, or target accounts, for managing market risk (e.g., specify 
whether the objective is to control risk to earnings, net portfolio 
value, or some other target, or some combination of targets), and, 
if a market risk limit is breached, should require that the breach 
be reported to the board of directors, or the appropriate board 
committee, and that appropriate remedial action, including any 
ordered by the board of directors, should be taken.
    7. Management should ensure that the board of directors is made 
aware of the advantages and disadvantages of the regulated entity's 
chosen market risk management strategy, as well as those of 
alternative strategies, so that the board of directors can make an 
informed judgment about the relative efficacy of the different 
strategies.
    8. A Bank's strategy for managing market risk should take into 
account the importance of maintaining the market value of equity of 
member stock commensurate with the par value of that stock so that 
the Bank is able to redeem and repurchase member stock at par value.
    9. A regulated entity should comply with all applicable laws, 
regulations, and supervisory guidance, (e.g., advisory bulletins) 
governing the independence and adequacy of the management of market 
risk exposure.

Standard 4--Management of Market Risk--Measurement Systems, Risk 
Limits, Stress Testing, and Monitoring and Reporting

 Risk Measurement Systems

    1. A regulated entity should have a risk measurement system (a 
model or models) that capture(s) all material sources of market risk 
and provide(s) meaningful and timely measures of the regulated 
entity's risk exposures, as well as personnel who are appropriately 
trained and competent to operate and oversee the risk measurement 
system.
    2. The risk measurement system should be capable of estimating 
the effect of changes in interest rates and other key risk factors 
on the regulated entity's earnings and market value of equity over a 
range of scenarios.
    3. The measurement system should be capable of valuing all 
financial assets and liabilities in the regulated entity's 
portfolio.
    4. The measurement system should address all material sources of 
market risk including repricing risk, yield curve risk, basis risk, 
and options risk.
    5. Management should ensure the integrity and timeliness of the 
data inputs used to measure the regulated entity's market risk 
exposures, and should ensure that assumptions and parameters are 
reasonable and properly documented.
    6. The measurement system's methodologies, assumptions, and 
parameters should be thoroughly documented, understood by 
management, and reviewed on a regular basis.
    7. A regulated entity's market risk model should be upgraded 
periodically to incorporate advances in risk modeling technology.
    8. A regulated entity should have a documented approval process 
for model changes that requires model changes to be authorized by a 
party independent of the party making the change.
    9. A regulated entity should ensure that its models are 
independently validated on a regular basis.

Risk Limits

    10. Risk limits should be consistent with the regulated entity's 
strategy for managing interest rate risk and should take into 
account the financial condition of the regulated entity, including 
its capital position.
    11. Risk limits should address the potential impact of changes 
in market interest rates on net interest income, net income, and the 
regulated entity's market value of equity.

Stress Testing

    12. A regulated entity should conduct stress tests on a regular 
basis for a variety of institution-specific and market-wide stress 
scenarios to identify potential vulnerabilities and to ensure that 
exposures are consistent with the regulated entity's tolerance for 
risk.
    13. A regulated entity should use stress test outcomes to adjust 
its market risk management strategies, policies, and positions and 
to develop effective contingency plans.
    14. Special consideration should be given to ensuring that 
complex financial instruments, including instruments with complex 
option features, are properly valued under stress scenarios and that 
the risks associated with options exposures are properly understood.
    15. Management should ensure that the regulated entity's board 
of directors or a committee thereof considers the results of stress 
tests when establishing and reviewing its strategies, policies, and 
limits for managing and controlling interest rate risk.
    16. The board of directors and senior management should review 
periodically the design of stress tests to ensure that they 
encompass the kinds of market conditions under which the regulated 
entity's positions and strategies would be most vulnerable.

Monitoring and Reporting

    17. A regulated entity should have an adequate management 
information system for reporting market risk exposures.
    18. The board of directors, senior management, and the 
appropriate line managers should be provided with regular, accurate, 
informative, and timely market risk reports.

Applicable Laws, Regulations, and Policies

    19. A regulated entity should comply with all applicable laws, 
regulations, and supervisory guidance (e.g., advisory bulletins) 
governing the management of market risk.

Standard 5--Adequacy and Maintenance of Liquidity and Reserves

Responsibilities of the Board of Directors

    1. Regarding the adequacy and maintenance of liquidity and 
reserves, the board of directors should review (at least annually) 
all major strategies and policies governing this area, approve 
appropriate revisions to such strategies and policies, and ensure 
senior management are appropriately trained to effectively manage 
liquidity.

[[Page 33963]]

Responsibilities of Senior Management

    2. Regarding the adequacy and maintenance of liquidity and 
reserves, senior management should develop strategies, policies, and 
practices to manage liquidity risk, ensure personnel are 
appropriately trained and competent, and provide the board of 
directors with periodic reports on the regulated entity's liquidity 
position.

Policies, Practices, and Procedures

    3. A regulated entity should establish a liquidity management 
framework that ensures it maintains sufficient liquidity to 
withstand a range of stressful events.
    4. A regulated entity should articulate a liquidity risk 
tolerance that is appropriate for its business strategy and its 
mission goals and objectives.
    5. A regulated entity should have a sound process for 
identifying, measuring, monitoring, controlling, and reporting its 
liquidity position and its liquidity risk exposures.
    6. A regulated entity should establish a funding strategy that 
provides effective diversification in the sources and tenor of 
funding.
    7. A regulated entity should conduct stress tests on a regular 
basis for a variety of institution-specific and market-wide stress 
scenarios to identify sources of potential liquidity strain and to 
ensure that current exposures remain in accordance with each 
regulated entity's established liquidity risk tolerance.
    8. A regulated entity should use stress test outcomes to adjust 
its liquidity management strategies, policies, and positions and to 
develop effective contingency plans.
    9. A regulated entity should have a formal contingency funding 
plan that clearly sets out the strategies for addressing liquidity 
shortfalls in emergencies. Where practical, contingent funding 
sources should be tested or drawn on periodically to assess their 
reliability and operational soundness.
    10. A regulated entity should maintain adequate reserves of 
liquid assets, including adequate reserves of unencumbered, 
marketable securities that can be liquidated to meet unexpected 
needs.

Applicable Laws, Regulations, and Policies

    11. A regulated entity should comply with all applicable laws, 
regulations, and supervisory guidance (e.g., advisory bulletins) 
governing the adequacy and maintenance of liquidity and reserves.

Standard 6--Management of Asset and Investment Portfolio Growth

Responsibilities of the Board of Directors and Senior Management

    1. Regarding the management of asset and investment portfolio 
growth, the board of directors is responsible for overseeing the 
management of growth in these areas, ensuring senior management are 
appropriately trained and competent, establishing policies governing 
the regulated entity's assets and investment growth, with prudential 
limits on the growth of mortgages and mortgage-backed securities, 
and reviewing policies at least annually.
    2. Regarding the management of asset and investment portfolio 
growth, senior management should adhere to board-approved policies 
governing growth in these areas, and ensure personnel are 
appropriately trained and competent to manage the growth.

Risk Measurement, Monitoring, and Control

    3. A regulated entity should manage its asset growth and 
investment growth in a prudent manner that is consistent with the 
regulated entity's business strategy, board-approved policies, risk 
tolerances, and safe and sound operations, and should establish 
prudential limits on the growth of its portfolios of mortgage loans 
and mortgage backed securities.
    4. A regulated entity should manage asset growth and investment 
growth in a way that is compatible with mission goals and 
objectives.
    5. A regulated entity should manage investments and acquisition 
of assets in a way that complies with all applicable laws, 
regulations, and supervisory guidance (e.g., advisory bulletins).

Standard 7--Investments and Acquisitions of Assets

Responsibilities of the Board of Directors and Senior Management

    1. The board of directors is responsible for overseeing the 
regulated entity's investments and acquisition of other assets, 
ensuring senior management are appropriately trained and competent, 
and establishing, approving and periodically reviewing policies and 
procedures governing investments and acquisitions of other assets.

Policies, Practices, and Procedures

    2. A regulated entity should have a board-approved investment 
policy that establishes clear and explicit guidelines that are 
appropriate to the regulated entity's mission and objectives. The 
investment policy should establish the regulated entity's investment 
objectives, risk tolerances, investment constraints, and policies 
and procedures for selecting investments.
    3. A regulated entity should have a board-approved policy 
governing acquisitions of major categories of assets other than 
investments. The policy should establish clear and explicit 
guidelines for asset acquisitions that are appropriate to the 
regulated entity's mission and objectives.
    4. A regulated entity should manage investments and acquisitions 
of assets prudently and in a manner that is consistent with mission 
goals and objectives.
    5. Each Bank's investment policies and acquisition of assets 
should take into account the importance of maintaining the market 
value of member stock commensurate with the par value of that stock 
so that the Bank is able to redeem and repurchase member stock at 
par value at all times.
    6. A regulated entity should manage investments and acquisitions 
of assets in a way that complies with all applicable laws, 
regulations, and supervisory guidance (e.g., advisory bulletins).

Standard 8--Overall Risk Management Processes

Responsibilities of the Board of Directors

    1. Regarding overall risk management processes, the board of 
directors is responsible for overseeing the process, ensuring senior 
management are appropriately trained and competent, ensuring 
processes are in place to identify, manage, monitor and control risk 
exposures (this function may be delegated to a board appointed 
committee), approving all major risk limits, and ensuring incentive 
compensation measures for senior management capture a full range of 
risks.

Responsibilities of the Board and Senior Management

    2. Regarding overall risk management processes, the board of 
directors and senior management should establish and sustain a 
culture that promotes effective risk management. This culture 
includes timely, accurate and informative risk reports, alignment of 
the regulated entity's overall risk profile with its mission 
objectives, and the annual review of comprehensive self-assessments 
of material risks.

Independent Risk Management Function

    3. A regulated entity should have an independent risk management 
function, or unit, with responsibility for risk measurement and risk 
monitoring, including monitoring and enforcement of risk limits.
    4. The chief risk officer should head the risk management 
function.
    5. The chief risk officer should report directly to the chief 
executive officer and the risk committee of the board of directors.
    6. The risk management function should have adequate resources, 
including a well-trained and capable staff.

Risk Measurement, Monitoring, and Control

    7. A regulated entity should measure, monitor, and control its 
overall risk exposures, reviewing market, credit, liquidity, and 
operational risk exposures on both a business unit (or business 
segment) and enterprise-wide basis.
    8. A regulated entity should have the risk management systems to 
generate, at an appropriate frequency, the information needed to 
manage risk. Such systems should include systems for market, credit, 
operational, and liquidity risk analysis, asset and liability 
management, regulatory reporting, and performance measurement.
    9. A regulated entity should have a comprehensive set of risk 
limits and monitoring procedures to ensure that risk exposures 
remain within established risk limits, and a mechanism for reporting 
violations and breaches of risk limits to senior management and the 
board of directors.
    10. A regulated entity should ensure that it has sufficient 
controls around risk measurement models to ensure the completeness, 
accuracy, and timeliness of risk information.
    11. A regulated entity should have adequate and well-tested 
disaster recovery and business resumption plans for all major

[[Page 33964]]

systems and have remote facilitates to limit the impact of 
disruptive events.

Applicable Laws, Regulations, and Policies

    12. A regulated entity should comply with all applicable laws, 
regulations, and supervisory guidance (e.g., advisory bulletins) 
governing the management of risk.

Standard 9--Management of Credit and Counterparty Risk

Responsibilities of the Board of Directors and Senior Management

    1. Regarding the management of credit and counterparty risk, the 
board of directors and senior management are responsible for 
ensuring that the regulated entity has appropriate policies, 
procedures, and systems that cover all aspects of credit 
administration, including credit pricing, underwriting, credit 
limits, collateral standards, and collateral valuation procedures. 
This should also include derivatives and the use of clearing houses. 
They are also responsible for ensuring personnel are appropriately 
trained, competent, and equipped with the necessary tools, 
procedures and systems to assess risk.
    2. Senior management should provide the board of directors with 
regular briefings and reports on credit exposures.

Policies, Procedures, Controls, and Systems

    3. A regulated entity should have policies that limit 
concentrations of credit risk and systems to identify concentrations 
of credit risk.
    4. A regulated entity should establish prudential limits to 
restrict exposures to a single counterparty that are appropriate to 
its business model.
    5. A regulated entity should establish prudential limits to 
restrict exposures to groups of related counterparties that are 
appropriate to its business model.
    6. A regulated entity should have policies, procedures, and 
systems for evaluating credit risk that will enable it to make 
informed credit decisions.
    7. A regulated entity should have policies, procedures, and 
systems for evaluating credit risk that will enable it to ensure 
that claims are legally enforceable.
    8. A regulated entity should have policies and procedures for 
addressing problem credits.
    9. A regulated entity should have an ongoing credit review 
program that includes stress testing and scenario analysis.

Applicable Laws, Regulations, and Policies

    10. A regulated entity should manage credit and counterparty 
risk in a way that complies with applicable laws, regulations, and 
supervisory guidance (e.g., advisory bulletins).

Standard 10--Maintenance of Adequate Records

    1. A regulated entity should maintain financial records in 
compliance with Generally Accepted Accounting Principles (GAAP), 
FHFA guidelines, and applicable laws and regulations.
    2. A regulated entity should ensure that assets are safeguarded 
and financial and operational information is timely and reliable.
    3. A regulated entity should have a records retention program 
consistent with laws and corporate policies, including accounting 
policies, as well as personnel that are appropriately trained and 
competent to oversee and implement the records management plan.
    4. A regulated entity, with oversight from the board of 
directors, should conduct a review and approval of the records 
retention program and records retention schedule for all types of 
records at least once every two years.
    5. A regulated entity should ensure that reporting errors are 
detected and corrected in a timely manner.
    6. A regulated entity should comply with all applicable laws, 
regulations, and supervisory guidance (e.g., advisory bulletins) 
governing the maintenance of adequate records.

    Dated: May 31, 2012.
Edward J. DeMarco,
Acting Director, Federal Housing Finance Agency.
[FR Doc. 2012-13997 Filed 6-7-12; 8:45 am]
BILLING CODE 8070-01-P