[Federal Register Volume 80, Number 223 (Thursday, November 19, 2015)]
[Rules and Regulations]
[Pages 72327-72341]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2015-29367]


=======================================================================
-----------------------------------------------------------------------

FEDERAL HOUSING FINANCE BOARD

12 CFR Parts 914 and 917

FEDERAL HOUSING FINANCE AGENCY

12 CFR Parts 1236 and 1239

DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT

Office of Federal Housing Enterprise Oversight

12 CFR Parts 1710 and 1720

RIN 2590-AA59


Responsibilities of Boards of Directors, Corporate Practices and 
Corporate Governance Matters

AGENCY: Federal Housing Finance Board; Federal Housing Finance Agency; 
Office of Federal Housing Enterprise Oversight.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Federal Housing Finance Agency (FHFA) is amending its 
regulations by relocating and consolidating certain regulations of its 
predecessor agencies--the Federal Housing Finance Board (Finance Board) 
and Office of Federal Housing Enterprise Oversight (OFHEO)--that 
pertain to the responsibilities of boards of directors, corporate 
practices, and corporate governance matters. The OFHEO regulations 
addressed corporate governance matters at the Federal National Mortgage 
Association (Fannie Mae) and the Federal Home Loan Mortgage Corporation 
(Freddie Mac) (collectively, the Enterprises), while the Finance Board 
regulations addressed the powers and responsibilities of the boards of 
directors and management of the Federal Home Loan Banks (Banks). The 
final rule consolidates most of those regulations into a new FHFA 
regulation, parts of which will apply to both the Banks and the 
Enterprises (together, regulated entities), and parts of which will 
apply only to the Banks or only to the Enterprises. Most of the content 
of the new regulations has been derived from the regulations of the 
predecessor agencies, with such modifications as are necessary to apply 
the regulations to all of the regulated entities, to respond to issues 
raised by the commenters, or to clarify the regulatory text. The final 
rule

[[Page 72328]]

also amends the Prudential Management and Operations Standards 
(Prudential Standards) provisions by designating certain introductory 
language--which pertains to the general responsibilities of senior 
management and boards of directors--as a separate Prudential Standard. 
The final rule also repeals a provision of the OFHEO regulations that 
related to minimum safety and soundness requirements for the 
Enterprises.

DATES: The final rule is effective on December 21, 2015.

FOR FURTHER INFORMATION CONTACT: Amy Bogdon, Associate Director, 
Division of Federal Home Loan Bank Regulation, at [email protected] 
or (202) 649-3320, or Neil R. Crowley, Deputy General Counsel, Office 
of General Counsel, at [email protected] or (202) 649-3055 (not 
toll-free numbers), Federal Housing Finance Agency, Constitution 
Center, 400 7th Street SW., Washington, DC 20024. The telephone number 
for the Telecommunications Device for the Hearing Impaired is (800) 
877-8339.

SUPPLEMENTARY INFORMATION: 

I. Background

A. Proposed Rule

    On January 28, 2014, FHFA published a proposed rule that would 
relocate, revise, and consolidate into a new FHFA regulation certain of 
the rules of the predecessor agencies that dealt with corporate 
practices and governance at the Banks and the Enterprises.\1\ The 
proposed rule was one phase of FHFA's ongoing project to repeal or 
relocate remaining OFHEO and Finance Board regulations. Both 
predecessor agencies had regulations addressing director 
responsibilities, corporate practices, and corporate governance 
matters. Pursuant to the Housing and Economic Recovery Act of 2008 
(HERA), Public Law 110-289, 122 Stat. 2654, those regulations remain in 
effect until they are superseded by regulations issued by FHFA. See id. 
at sections 1302, 1312, 122 Stat. 2795, 2798. The intent of the 
proposed rule was to consolidate certain of those regulations into a 
new set of FHFA regulations that would address those same matters, and 
to repeal any predecessor regulations that were not adopted as FHFA 
regulations. The proposed rule was not intended to address 
conservatorship matters, but rather to address matters of corporate 
practice and governance that currently are addressed by OFHEO 
regulations, to which the Enterprises remain subject. The applicable 
regulations of the predecessor agencies addressed by this rulemaking 
currently are located at parts 914, 917, 1710, and 1720 of title 12 of 
the Code of Federal Regulations. All of the relocated portions of these 
regulations would be codified as a new part 1239 of the FHFA 
regulations.
---------------------------------------------------------------------------

    \1\ See 79 FR 4414 (January 28, 2014).
---------------------------------------------------------------------------

    The proposed rule included a number of provisions that would apply 
to all of the regulated entities because they addressed matters of 
general applicability, but also included other provisions that would 
apply only to the Banks or only to the Enterprises because they 
addressed topics that are unique to the particular type of entity. The 
substance of most of the provisions of the proposed rule was unchanged 
from that of the predecessor regulations, except for the provision on 
risk management, which was new. The proposed rule would also have 
carried over a Finance Board regulation on regulatory reporting and 
applied that provision to all of the regulated entities.
    In conjunction with the relocation of the predecessor regulations, 
the proposed rule also would have revised certain provisions of FHFA's 
Prudential Standards. Specifically, the proposal would have 
redesignated the introductory section to the Prudential Standards--
which recites general concepts of corporate governance and 
responsibilities of the board of directors and senior management--as a 
separate standard. Doing so would clarify FHFA's authority to enforce 
those provisions in the same manner as any of the other ten enumerated 
standards. Lastly, the proposal would have repealed a provision of the 
OFHEO regulations, 12 CFR part 1720, which had established certain 
safety and soundness standards for the Enterprises, because many of the 
matters addressed by those regulations are also addressed by the 
Prudential Standards or by the proposed rule.

B. Considerations of Differences Between the Banks and the Enterprises

    When promulgating regulations or taking other actions that relate 
to the Banks, section 1313(f) of the Federal Housing Enterprises 
Financial Safety and Soundness Act of 1992 (Safety and Soundness Act) 
requires the Director of FHFA (Director) to consider the differences 
between the Banks and the Enterprises with respect to the Banks' 
cooperative ownership structure; mission of providing liquidity to 
members; affordable housing and community development mission; capital 
structure; and joint and several liability. 12 U.S.C. 4513(f). In 
preparing the proposed and final rules, the Director has considered 
those differences as they relate to the above factors and has 
determined that none of the statutory factors would be adversely 
affected by the final rule. None of the comment letters addressed this 
requirement.

II. Response to Comment Letters

    In response to the proposed rule, FHFA received three substantive 
comment letters, one each from Fannie Mae and Freddie Mac, and a joint 
letter from the Banks. Each letter generally supported the proposed 
rule, but also recommended different ways in which FHFA should revise 
certain aspects of the rule. In response to these recommendations, FHFA 
has incorporated a number of revisions into the final rule. The 
following sections of this document describe the issues raised by the 
commenters, along with FHFA's responses, which are included as part of 
FHFA's descriptions of the particular provisions of the final rule for 
which the commenters had suggested revisions. For other provisions of 
the proposed rule about which the commenters raised no issues, FHFA has 
adopted them without change.

III. Final Rule

A. Overview

    The organizational structure of the final rule is the same as that 
of the proposed rule, meaning that it includes one subpart for 
definitions and four subparts for the substantive provisions. Subpart A 
defines terms used within the final rule. Subpart B includes provisions 
relating to certain core corporate governance principles and applies to 
both the Banks and the Enterprises. Subpart C addresses codes of 
conduct for the entities, risk management, compliance programs, and 
regulatory reports, and also applies to all regulated entities. 
Subparts D and E include regulations from the predecessor agencies that 
address matters specific to the Banks (such as those relating to a 
Bank's member products policy) or to the Enterprises (such as those 
relating to the Enterprise boards), respectively. None of these 
provisions is intended to address conservatorship matters at the 
Enterprises. Instead, they are intended to address matters of corporate 
practice and governance for regulated entities that are not in 
conservatorship by replacing the existing OFHEO regulations on those 
same topics.\2\ The

[[Page 72329]]

following paragraphs describe the manner in which each of the subparts 
of the final rule differs from those of the proposed rule and, as 
applicable, describes the material issues raised by the commenters and 
FHFA's responses to them.
---------------------------------------------------------------------------

    \2\ FHFA as conservator has exercised its authority under 12 
U.S.C. 4617(b)(2)(C) to provide for the Enterprises' management to 
be overseen by the boards of directors under their charter acts, 12 
U.S.C. 1452(a), 1723(b), and those boards have been operating under 
the OFHEO regulations, which are being replaced by this regulation.
---------------------------------------------------------------------------

B. Subpart A--General

Definitions (1239.2)
    The proposed rule included seventeen defined terms, most of which 
were derived from the predecessor agencies' regulations and were to be 
incorporated into the FHFA's regulations without change. The final rule 
revises one of the proposed definitions, deletes two proposed 
definitions, and adds one new definition.
    The proposed rule would have defined ``executive officer'' to 
include the chairperson and vice-chairperson of an Enterprise, along 
with a number of other specified senior executive positions at any Bank 
or Enterprise. Both Enterprises commented that defining ``executive 
officer'' to include the chairperson and vice-chairperson created a 
conflict with another provision of the proposed rule, 12 CFR 
1239.20(a)(3), which requires the chairperson of an Enterprise to be a 
person other than the chief executive officer, who also must be 
independent, as defined by the rules of the New York Stock Exchange 
(NYSE). The applicable NYSE rule provides that a company's chairperson 
is not ``independent'' if the person is, or has been within the past 
three years, an executive officer of the company. In order to resolve 
this conflict, FHFA agrees with the commenters and has amended the 
definition of ``executive officer'' to delete the references to an 
Enterprise's chairperson and vice-chairperson.
    The proposed rule had used the term ``risk profile'' in several 
places within the risk management section of the rule, but did not 
define that term. In considering how to define that term for the final 
rule, FHFA determined that a similar term--``risk appetite''--as 
defined by the Office of the Comptroller of the Currency in its 
guidelines establishing heightened standards for national banks, better 
described the concept that FHFA had intended with its use of the term 
``risk profile'' in the proposed rule. Accordingly, the final rule 
replaces the references to ``risk profile'' with the new term ``risk 
appetite'' and defines that term to mean the aggregate level and types 
of risk the board of directors and management are willing to assume to 
achieve the regulated entity's strategic objectives and business plan, 
consistent with applicable capital, liquidity, and other regulatory 
requirements.
    The final rule deletes the defined term ``authorizing statutes'' 
because FHFA has recently defined that term within its general 
definitions section, at 12 CFR 1201, which definitions apply to all of 
FHFA's regulations. FHFA has also deleted the definition of the 
Sarbanes-Oxley Act from the final rule, because that term is only used 
once within the regulatory text, which now refers to that act by its 
name, rather than the acronym.
    The proposed rule defined credit risk as ``the potential that a 
borrower or counterparty will fail to meet its financial obligations in 
accordance with agreed terms.'' Credit risk is one of the several 
specified risks that the rule requires a regulated entity's risk 
management program to address. Freddie Mac contended that the proposed 
definition was both too broad and too narrow and also suggested that 
FHFA replace ``financial obligations'' with ``contractual 
obligations.'' Freddie Mac also suggested that FHFA define ``credit 
risk'' in terms of an actual failure of a counterparty to perform, 
i.e., as the risk that the counterparty will fail to perform. FHFA 
declines to accept either of those suggestions, and notes that its 
definition is consistent with those of other banking regulators, which 
also focus on the potential that a borrower or counterparty will fail 
to meet its obligations.\3\ FHFA also believes that using the term 
``contractual obligations'' in the definition would make it overly 
broad, in that such language would include other types of contractual 
obligations that may not have any relevance to credit risk.
---------------------------------------------------------------------------

    \3\ See e.g., Principles for the Management of Credit Risk--
Consultative Document, Bank for International Settlements, July 1999 
(``Credit risk is most simply defined as the potential that a bank 
borrower or counterparty will fail to meet its obligations in 
accordance with agreed terms.''). See also, Interagency Counterparty 
Risk Management Guidance, Board of Governors of the Federal Reserve 
System, SR 11-10, July 5, 2011 (``Counterparty credit risk is the 
risk that the counterparty to a transaction could default.'') and 
Supervisory Policy Statement on Investment Securities and End-User 
Derivatives Activities, Federal Financial Institutions Examination 
Council, Oct. 3, 1997 (A component of credit risk is settlement and 
pre-settlement credit risk. ``These risks are the possibility that a 
counterparty will fail to honor its obligation at or before the time 
of settlement.'' (emphasis added)).
---------------------------------------------------------------------------

C. Subpart B--Corporate Practices and Procedures Applicable to All 
Regulated Entities

    Subpart B of the proposed rule included three provisions that 
addressed certain core principles of corporate practices or governance 
that were to apply to both the Enterprises and the Banks. Those 
provisions addressed choice of law for governance and indemnification 
matters, duties of directors, and committees of the boards of 
directors. Nearly all of the content of those provisions was derived 
from the Finance Board or OFHEO regulations.
Choice of Law and Indemnification (1239.3)
Choice of Law
    Proposed Sec.  1239.3(a) and (b) generally would have required that 
a regulated entity's corporate governance and indemnification practices 
comply with any applicable federal law, but also would have required 
each regulated entity to designate in its bylaws a body of law to 
follow with respect to those practices. The proposed rule would have 
allowed a regulated entity to follow: (1) The law of the jurisdiction 
in which the entity maintains its principal office; (2) the Delaware 
General Corporation Law; or (3) the Revised Model Business Corporation 
Act. This choice of law provision would be new only for the Banks 
because the OFHEO regulations had previously imposed this requirement 
on the Enterprises.
    The Banks expressed concern that by choosing a particular body of 
state law to follow they could subject themselves to the jurisdiction 
of those states' courts and would allow their members to assert all of 
the rights available to stockholders of corporations organized under 
those state laws. Although FHFA does not believe that its regulations 
would cause either of those possibilities to occur, it agrees that for 
the sake of clarity the final rule should be revised to state 
explicitly that the regulation does not create any rights in the 
members or other third parties and that it does not otherwise cause the 
regulated entities to become subject to the jurisdiction of state 
courts on matters of corporate governance and indemnification. In 
addition, FHFA has determined that it would be appropriate to allow the 
Banks an additional period of time within which to compare the relative 
merits of the three bodies of law from which they may choose. 
Accordingly, the final rule allows the Banks a period of 90 days after 
the effective date of the rule by which to designate in their bylaws 
their chosen body of law.
    The Banks also suggested that the regulation should allow them to 
model their bylaw provisions after certain specific state law 
provisions, rather than on an entire body of state corporate law. FHFA 
has declined to make that revision for the final rule because it

[[Page 72330]]

does not believe that the selective designation of various state 
corporate law provisions would result in an effective or uniform source 
of guidance for the entities.
Indemnification
    The proposed rule would have required the regulated entities to 
indemnify their directors, officers, and employees under terms and 
conditions to be determined by the entities' boards of directors. 
Section 1239.3(c)(2) further would have required that each regulated 
entity adopt policies and procedures for indemnifying its personnel, 
which had to address how the board would make decisions on 
indemnification requests and what standards the board would use for 
indemnification requests, as well as for board investigations and 
review by outside counsel. These provisions were modeled on FHFA's 
regulations governing the Office of Finance, 12 CFR 1273.7(i)(3), and 
the OFHEO indemnification provisions at 12 CFR 1710.20.
    The Banks' comment letter questioned FHFA's authority to subject 
the Banks to regulations relating to indemnification, citing a 
provision of the Federal Home Loan Bank Act (Bank Act), 12 U.S.C. 
1427(k), which they believed committed matters of indemnification 
exclusively to the discretion of the Bank's board of directors. FHFA 
believes that the language of the proposed rule is fully consistent 
with the authority granted to the Banks' boards of directors by section 
1427(k) because the rule largely restates and elaborates on the 
statutory requirement that the boards of directors are to determine the 
terms and conditions on which the regulated entities are to provide 
indemnification to their personnel.
    The one aspect of the proposed rule that differed from the statute 
pertained to the provisions requiring the entities to adopt policies 
describing the manner in which they would exercise their 
indemnification authority. In effect, those provisions would have 
required the entities to commit to writing the decisions that their 
boards of directors make with respect to the circumstances under which 
they intend to provide indemnification to their officers and employees 
and the manner in which they will make those decisions. Requiring the 
entities to document the policies, procedures, and standards that the 
board of directors will use when considering requests for 
indemnification does not diminish the authority of the boards of 
directors to set the terms and conditions on which the entity will 
indemnify its personnel. In such cases, the boards would still decide 
the terms and conditions for indemnification, and the written policies, 
procedures, and standards would reflect and implement those board 
decisions. Requiring a regulated entity to have in place procedural 
safeguards, such as policies, procedures, and standards for 
indemnification, benefits the board of directors by helping to ensure 
that they make their indemnification decisions on a consistent basis, 
which in turn increases the likelihood that the entities will make 
these decisions in a safe and sound manner. FHFA has explicit authority 
to adopt regulations to ensure that the purposes of the Bank Act are 
carried out.\4\ For those reasons, FHFA has retained this requirement 
in the final rule.
---------------------------------------------------------------------------

    \4\ Safety and Soundness Act section 1319G, 12 U.S.C. 4526.
---------------------------------------------------------------------------

    The proposed rule also included a provision carried over from the 
OFHEO regulations that authorized FHFA to review an entity's 
indemnification policies, procedures, and practices and to limit or 
prohibit an entity from making indemnification payments based on FHFA's 
safety and soundness authority. The commenters questioned whether FHFA 
has the legal authority to prohibit indemnification payments based 
solely on its safety and soundness authority, particularly in light of 
a 2008 statutory amendment that explicitly authorized FHFA to prohibit 
indemnification payments only in cases where FHFA has initiated the 
action against an officer or director of a regulated entity. 12 U.S.C. 
4518(e). Fannie Mae also objected to certain language in the 
supplementary information to the proposed rule, which described this 
provision as allowing FHFA to prohibit indemnification payment to ``any 
person found to have violated any law or regulation,'' as going beyond 
the language of the regulatory text.
    To address these comments, FHFA has revised Sec.  1239.3(c)(4) of 
the final rule in two respects. First, the final rule no longer asserts 
the authority of FHFA to limit or prohibit indemnification payments 
based solely on safety and soundness grounds. To the extent that FHFA 
deems it necessary to limit or prohibit indemnification payments by a 
regulated entity, it will act under the authority conferred by 12 
U.S.C. 4518(e), which applies only to instances in which FHFA has 
initiated the underlying civil or administrative action. Second, the 
final rule revises the regulatory language to provide that FHFA may 
review a regulated entity's indemnification policies, procedures, and 
practices to ensure that they are consistent with law and with safety 
and soundness, and that they are carried out in a safe and sound 
manner. FHFA anticipates that this type of review could focus on issues 
such as whether a regulated entity has been consistent in how it acts 
on indemnification requests from different persons, and whether it has 
documented that it has made its decisions in accordance with the body 
of state law that the entity has chosen to follow for indemnification 
purposes.
    Lastly, the Banks asked that FHFA clarify the circumstances in 
which it would exercise its statutory authority under the factors 
enumerated in 12 U.S.C. 4518(e)(2), which authorizes FHFA to limit or 
prohibit indemnification payments in connection with civil or 
administrative actions brought by FHFA. Because the proposed rule did 
not include any provisions relating to section 4518(e)(2), FHFA cannot 
address that provision for the first time as part of this final rule. 
That statutory provision is the subject of a separate rulemaking.\5\
---------------------------------------------------------------------------

    \5\ See 74 FR 30975 (June 29, 2009).
---------------------------------------------------------------------------

Duties and Responsibilities of Directors (1239.4)
    Proposed Sec.  1239.4 set forth certain duties and responsibilities 
of directors of a regulated entity. The text of the proposed regulation 
consisted mostly of provisions carried over from Finance Board 
regulations Sec.  917.2, Sec.  917.10, and, to a lesser extent, OFHEO 
regulation Sec.  1710.15. This section of the proposed rule generally 
stated that the responsibility for managing a regulated entity is 
vested in the board of directors. The provision also included a list of 
duties for the directors, which included a duty to act with the degree 
of care of an ordinarily prudent person, and a duty to have a working 
familiarity with basic finance and accounting matters. The proposed 
rule also included a set of director responsibilities, which included 
having in place policies and procedures to relating to the board's 
oversight of risk management, compensation, financial reporting, and 
regulatory reporting. Commenters raised four questions about these 
provisions.
    The Enterprises expressed concern about the language of the 
proposed rule that stated that the management of a regulated entity 
``shall be vested in its board of directors.'' The Enterprises believed 
this language could be read as expanding the traditional role of 
corporate directors and imposing on them some responsibility for 
becoming involved in the day-to-day operations of the entity. As a 
general proposition, FHFA agrees that the role of the board

[[Page 72331]]

is one of oversight, and that it is management who is to be responsible 
for the day-to-day operations of the entities. The language used in the 
proposed rule was derived from the Bank Act and the Finance Board 
regulations. In order to address the concerns raised by the Enterprises 
about how the rule should describe the role of the board of directors, 
FHFA looked to Delaware corporate law for guidance. The relevant 
provision of the Delaware statutes provides that ``the business and 
affairs of every corporation organized under this chapter shall be 
managed by or under the direction of a board of directors.'' Delaware 
General Corporation Law, Sec.  141(a). FHFA believes that this language 
accurately describes the roles of corporate directors generally, and is 
consistent with the language of the Bank Act, which provides that the 
management of the Banks is to be ``vested in'' the board of directors. 
Accordingly, FHFA has revised Sec.  1239.4(a) of the final rule by 
replacing the proposed language with language stating that the 
management of a regulated entity is to be ``by or under the direction 
of'' its board of directors. FHFA intends this revision to make clear 
that the final rule should not be construed as requiring the directors 
of a regulated entity to become responsible for the day-to-day 
operational functions of the entity.
    The Enterprises also expressed concern about language of Sec.  
1239.4(b)(1) of the proposed rule relating to the directors' duty of 
care, which provided, in part, that a director should carry out his or 
her duties ``with such care, including reasonable inquiry, as an 
ordinarily prudent person in a like position would use under similar 
circumstances.'' Freddie Mac believed that the use of the ``ordinarily 
prudent person'' standard of care for how a director must discharge his 
or her duties could conflict with the body of state law that the 
Enterprises have chosen for corporate governance purposes, which would 
not use an ``ordinarily prudent person'' standard of care. Fannie Mae 
believed that the proposed language went beyond the fiduciary duties 
imposed on board members under Delaware law. FHFA has decided not to 
establish a separately defined standard of care for the directors of 
the regulated entities, but instead to rely on Sec.  1239.3(b)(1) of 
the proposed rule, which would require each entity to designate a body 
of state law for its corporate governance practices. As the Enterprises 
noted, neither Virginia law, which Freddie Mac has designated, nor 
Delaware law, which Fannie Mae has designated, uses a standard of care 
for corporate directors that is based on an ``ordinarily prudent 
person'' concept. Indeed, both of those states, as well as all other 
states, have adopted some version of the business judgment rule for 
corporate directors. The Delaware courts have construed that state's 
business judgment rule as establishing a standard of gross negligence 
as the basis on which a corporate director could be held liable for 
breach of his or her duty of care to the corporation.\6\ In order to 
ensure that the directors of the regulated entities are not held to a 
standard of care different from the standard likely to be applicable to 
directors of other financial institutions, which could affect the 
availability of director candidates, FHFA is amending Sec.  
1239.4(b)(1) of the final rule by deleting the reference to an 
``ordinarily prudent person'' and replacing it with language requiring 
directors of a regulated entity to exercise the degree of care that is 
required under the Revised Model Business Corporation Act or the other 
body of state law that the regulated entity has chosen to follow for 
its corporate governance and indemnification practices. Under the 
revised provision, Fannie Mae and Freddie Mac could continue to look to 
their chosen bodies of law, Delaware and Virginia, respectively, to 
determine the standard of care owed by their directors to the entities. 
Likewise, the Banks could look to whatever body of law they choose to 
govern their corporate governance practices, including the standard of 
care for their directors.
---------------------------------------------------------------------------

    \6\ Aronson v. Lewis, 473 A.2d 805 (1984) (Supreme Court of 
Delaware).
---------------------------------------------------------------------------

    The proposed rule would have carried over and applied to all of the 
regulated entities a Finance Board provision that requires directors of 
Banks to ``administer the affairs of the regulated entity fairly and 
impartially.'' The Enterprises contended that that provision, which is 
derived from the Bank Act and reflects the cooperative structure of the 
Banks, was not well-suited for the Enterprises because they are not 
cooperatives. They also contended that the proposed provision was 
unnecessary because general concepts of fairness are inherent in the 
fiduciary duties of their directors to act in the best interest of the 
corporation. In response to the Enterprises' concerns, FHFA has amended 
the final rule so that this language will apply only to the Banks.
    The proposed rule also included a provision derived from the 
Finance Board regulations that provided that all directors have a duty 
to have a ``working familiarity with basic finance and accounting 
practices,'' so that they are able to ask substantive questions of 
management and the auditors. The provision would allow a director to 
acquire that level of knowledge either prior to becoming an entity's 
director or within a reasonable time thereafter, such as through 
appropriate training. Both Fannie Mae and Freddie Mac expressed concern 
about this provision, believing that it could be read to require all 
directors to become ``audit committee financial experts'' and that it 
could effectively preclude them from recruiting directors who have 
specialized expertise outside of the realms of finance and accounting. 
FHFA does not believe that the language of the proposed rule, which 
uses the terms ``working familiarity'' and ``basic finance and 
accounting'' can reasonably be construed as being equivalent to 
requiring the same level of knowledge as is required to be an ``audit 
committee financial expert.'' The knowledge and experience required 
under the regulations of the Securities and Exchange Commission (SEC) 
to be deemed an ``audit committee financial expert'' are quite detailed 
and go far beyond concepts of basic finance and accounting. For 
example, an audit committee financial expert must have an understanding 
of generally accepted accounting principles and financial statements, 
the ability to assess the application of those principles, experience 
in preparing, auditing, or analyzing financial statements, an 
understanding of internal controls over financial reporting, and an 
understanding of audit committee functions. The expert also must have 
acquired those attributes through education and experience as a 
principal financial officer, principal accounting officer, controller, 
public accountant, or auditor, or by supervising persons performing 
those functions.\7\ FHFA also does not believe that requiring directors 
of the regulated entities to have or develop an understanding of basic 
concepts of finance and accounting will preclude them from recruiting 
persons whose expertise lies in other areas. Although FHFA has not 
defined the terms ``working familiarity'' or ``basic finance and 
accounting practices,'' they should be read in the context of the 
remainder of the provision, which indicates that the level of 
understanding has to be sufficient to allow the persons to read and 
understand the entity's financial statements (which the Enterprise 
directors already certify

[[Page 72332]]

when filing their Form 10-K with the SEC) and to engage in a dialogue 
with management and the auditors about the operations and financial 
condition of the entity. Moreover, the Banks, which also have a 
minority of their directors chosen from outside of the financial 
services industry, have been able to recruit and retain capable 
directors notwithstanding this requirement, which has applied to Bank 
directors since 2000. Accordingly, FHFA is adopting Sec.  1239.4(b)(3) 
of the final rule with no changes from the proposed rule. Lastly, 
Freddie Mac objected to Sec.  1239.4(c) of the proposed rule that 
required the board of directors to have in place policies and 
procedures to address certain matters, such as risk management, 
compensation programs, financial reporting, and regulatory reporting. 
Freddie Mac suggested that FHFA revise this provision to make clear 
that it does not require the board of directors to establish the 
required policies and procedures, which can be developed by management. 
Because FHFA agrees that the development and implementation of 
procedures is a management responsibility, the final rule removes the 
reference to ``procedures'' from this section. The final rule retains, 
however, the requirement that the board must have in place adequate 
``policies'' to assure its oversight of risk management, compensation, 
and financial reporting. As revised, this provision allows the board of 
directors to delegate to management the responsibility to develop, 
implement, and monitor compliance with the procedures used to implement 
board policies, but also requires the board of directors to review and 
approve those policies, as appropriate, as part of its responsibility 
to oversee management of the regulated entity.
---------------------------------------------------------------------------

    \7\ 17 CFR 229.407(d)(5)(ii).
---------------------------------------------------------------------------

Board Committees (1239.5)
    The proposed rule would have required each regulated entity to have 
four specified committees of the board of directors, which are to 
address risk management, audit, compensation, and governance. The 
proposal also authorized the regulated entities to establish any other 
committees they deemed appropriate and prohibited the entities from 
combining their risk management committee or the audit committee with 
any other committee. The proposal further required that each committee 
have a formal written charter and that it meet with sufficient 
frequency to carry out its responsibilities.
    FHFA is revising this provision of the final rule in two respects, 
both of which respond to comments from Freddie Mac. Apart from those 
revisions, FHFA is adopting this section as proposed. First, the final 
rule revises Sec.  1239.5(c) to require that the full board of 
directors adopt a formal written charter for each committee. This 
replaces a provision of the proposed rule that would have allowed a 
committee to adopt its own charter. Second, the final rule revises 
Sec.  1239.5(d) by adding language to the effect that a committee that 
is designed to meet only on an as-needed basis, rather than on a fixed 
schedule, such as an executive committee, which may meet regularly or 
only as necessary to address matters arising between meetings of the 
full board, shall meet in the manner specified in that committee's 
charter, rather than ``regularly,'' as the proposed rule had provided.
    The Banks objected to the proposed rule's prohibition on combining 
the audit and risk committees with other committees, citing the need 
for flexibility in determining committee structure. While FHFA 
understands that the entities may need some flexibility when staffing 
their committees, FHFA also believes that the responsibilities of the 
audit committee and risk management committee are sufficiently 
important that each should be structured as a stand-alone committee, 
without any competing responsibilities.

D. Subpart C--Other Requirements Applicable to All Regulated Entities

    Subpart C of the proposed rule included four other provisions that 
would have applied to all of the regulated entities. These provisions 
addressed: (1) Code of conduct; (2) risk management; (3) compliance 
programs; and (4) regulatory reports. The final rule revises portions 
of the provisions dealing with the code of conduct and risk management, 
which revisions are described below. FHFA is adopting the provisions 
relating to compliance programs and regulatory reports as proposed, and 
the discussion below also addresses suggested revisions to the 
compliance program, which FHFA has declined to adopt.
Code of Conduct and Ethics (1239.10)
    Proposed Sec.  1239.10 carried over the substance of an OFHEO 
regulation that required each regulated entity to establish a written 
code of conduct for directors, executive officers, and employees that 
is reasonably designed to ensure that they discharge their duties in an 
objective and impartial manner and that includes the standards required 
under section 406 of the Sarbanes-Oxley Act. Neither the OFHEO 
regulation nor the proposed rule described the substance of those 
standards, but simply incorporated them by cross-reference. The section 
406 standards pertain to promoting honest and ethical conduct, accurate 
financial disclosures, and compliance with applicable laws. The Banks 
expressed two concerns about this provision of the proposed rule. 
First, they believed that it was unnecessary and duplicative because, 
as SEC registrants, they already must disclose whether they have 
adopted such a code of conduct. Second, they believed that the scope of 
the provision was too broad because it covered all employees, not just 
those involved with preparing the financial statements.
    FHFA agrees that the scope of the proposed rule was broader than it 
needed to be insofar as it would have applied to employees that are not 
involved in the preparation of the entity's financial statements. To 
address these concerns about overbreadth, FHFA revised the final rule 
so that it imposes general requirements on all employees of a regulated 
entity and separately imposes other requirements on those officers that 
are responsible for preparing the financial statements. As part of that 
approach, the final rule no longer cross-references section 406 of the 
Sarbanes-Oxley Act, but instead incorporates the essential language of 
section 406 into the FHFA regulation. Accordingly, the final rule first 
provides that each entity must adopt a code of conduct that is 
reasonably designed to assure that its directors, officers, and 
employees discharge their duties in an objective and impartial manner 
and that promotes honest and ethical conduct, compliance with 
applicable laws and regulations, accountability for adhering to the 
code, and prompt internal reporting of violations of the code. Each of 
those elements is derived from section 406 of the Sarbanes-Oxley Act. 
The final rule separately provides that the code of conduct must 
include provisions that apply only to the entities' principal executive 
officer, principal financial officer, and principal accounting officer 
or controller. Those provisions must be reasonably designed to promote 
full, fair, and accurate disclosures in an entity's reports filed with 
the SEC and other public communications pertaining to the entity's 
financial condition. Those provisions also are derived from section 
406, but will not apply to the officers and employees who have no role 
in preparing the financial statements or other disclosures.
    FHFA appreciates that the Banks, as SEC registrants, are already 
required to

[[Page 72333]]

disclose whether they have a code of conduct that satisfies the 
requirements of section 406 of the Sarbanes-Oxley Act. That 
requirement, however, is simply a disclosure requirement and does not 
require the Banks to actually adopt a code of ethics. Because FHFA 
believes that a code of conduct as described above is an important tool 
in assuring that the entities operate in a safe and sound manner, the 
final rule continues to require that the entities actually adopt the 
code of conduct. Accordingly, FHFA declines to adopt the Banks' 
suggestion that this matter be addressed solely through the existing 
disclosure mechanism.
Risk Management (1239.11)
    The proposed rule contained a new risk management section that was 
based in large part on a recent proposal of the Federal Reserve Board 
relating to its supervision of large banking institutions.\8\ The 
proposed risk management section included little content from the 
regulations of the predecessor agencies, which had become somewhat 
dated. Among other things, proposed Sec.  1239.11 would have required 
each entity to establish an enterprise-wide risk management program and 
specified certain requirements for that program, as well as the 
responsibilities of the risk committee. The proposal also would have 
required each entity to appoint a chief risk officer to oversee the 
risk management function, and specified the responsibilities of the 
chief risk officer. In the final rule, FHFA retained most of the 
content of the proposed rule, but reorganized certain provisions of the 
regulatory text to improve its readability. The final rule retains the 
three core elements of the proposed rule, which require the 
establishment of an enterprise-wide risk management program, the 
establishment of a risk committee with specified structure and 
responsibilities, and the establishment of a chief risk officer with 
specified responsibilities. FHFA also made certain revisions to the 
regulatory text in response to the comment letters. All of those 
revisions are described below.
---------------------------------------------------------------------------

    \8\ See Enhanced Prudential Standards and Early Remediation 
Requirements for Covered Companies, Board of Governors of the 
Federal Reserve System, 77 FR 594 (Jan. 5, 2012). The commenters 
asked that to the extent that FHFA had looked to these standards for 
guidance, it should look to the final rule adopted by the Federal 
Reserve Board instead of its proposed rule, especially as it relates 
to distinguishing between the respective roles of directors and 
management. FHFA has reviewed that final rule document and made 
conforming revisions to this final rule, as appropriate. See 
Enhanced Prudential Standards and Early Remediation Requirements for 
Covered Companies, Board of Governors of the Federal Reserve System, 
79 FR 17240 (Mar. 27, 2014).
---------------------------------------------------------------------------

Establishment of the Risk Management Program
    Section 1239.11(a) of the proposed rule would have required the 
establishment of a risk management program that aligns with the 
entity's overall risk profile and mission objectives, while Sec.  
1239.11(c)(1) had specified several required elements for the risk 
management program. In the final rule, FHFA combined those provisions 
into a revised Sec.  1239.11(a), which deals only with the risk 
management program. FHFA also revised the regulatory text, which 
formerly provided that the board of directors must have a risk 
management program ``in effect at all times,'' to clarify that the 
board must approve and periodically review the risk management program, 
as well as having it in effect. As noted previously, the final rule 
also replaces all references to the term ``risk profile'' with the 
newly defined term ``risk appetite.'' The final rule also makes some 
revisions to the provisions that specified the minimum requirements for 
the risk management program, principally to address concerns expressed 
by the commenters. The final rule now provides that the board of 
directors must ensure that the risk management program aligns with the 
entity's risk appetite, and it deletes a reference to this being a 
joint responsibility of the board and senior management. These 
provisions of the final rule are not intended to require that the board 
of directors actually develop or implement the risk management program, 
which tasks may be delegated to management, but the board is 
responsible for approving the program, as well as the entity's risk 
appetite, and ensuring that the two are consistent with each other. In 
the paragraphs describing the requirements of the risk management 
program, the final rule deletes certain references that the commenters 
believed could be read to impose management level responsibilities on 
the board or its committee. Thus, the final rule deletes from proposed 
Sec.  1239.11(c)(ii), (iii), and (iv) references to ``risk management 
practices and risk control structure,'' ``procedures . . . practices, 
risk controls,'' and ``control objectives,'' respectively.
Establishment and Duties of the Risk Committee
    Section 1239.11(b) of the proposed rule would have required the 
board of each regulated entity to establish a risk committee that 
oversees the entity's risk management practices, while Sec.  1239.11(c) 
and (d) had addressed the risk committee structure and 
responsibilities, respectively. The final rule combines all of those 
provisions into a revised Sec.  1239.11(b), which deals only with risk 
committee matters. FHFA also revised certain of these provisions in 
response to concerns of the commenters that the proposed rule could be 
read to assign management type responsibilities on the board of 
directors or the risk committee. Thus, the final rule has deleted 
language from proposed Sec.  1239.11(b) that stated that the committee 
was ``responsible for oversight of . . . risk management practices'' 
and replaced it with language saying that the committee is to assist 
the board of directors in carrying out its duties to oversee the ``risk 
management program,'' rather than the ``practices'' of the entity.
    The final rule revises certain of the provisions relating to the 
qualifications of the risk committee members that had been located in 
Sec.  1239.11(c)(2) of the proposed rule, also in response to 
suggestions from the commenters. The proposed rule would have required 
that the committee have at least one member with ``risk management 
expertise'' that is commensurate with the business of the regulated 
entity, and further that the other committee members have ``experience 
developing and applying risk management practices and procedures 
measuring and identifying risks.'' The Banks and the Enterprises 
contended that such levels of expertise would likely be found only in a 
person who was serving, or had previously served, as a chief risk 
officer at a financial institution and that it would be difficult to 
find persons who are eligible for board positions who also have such 
expertise. FHFA believes that this is a valid concern and has revised 
the rule to require that the risk committee have at least one member 
with risk management ``experience'' rather than ``expertise,'' and that 
the other committee members have, or acquire through training, a 
practical understanding of risk management principles and practices. 
FHFA also deleted in its entirety the provision of the proposed rule 
that would have required risk committee members to also have had 
experience developing and applying risk management practices and 
procedures. Notwithstanding those revisions, FHFA believes that it is 
appropriate and reasonable to retain some language in the final rule 
requiring that the persons charged with assisting the board in its 
oversight of the risk management program have had some

[[Page 72334]]

opportunity, either through prior experience or education or other 
training while on the board, to gain sufficient understanding of risk 
management principles to meaningfully engage with management on risk 
management matters.
    Freddie Mac objected to the requirements in proposed Sec.  
1239.11(c)(2)(v) and (d)(1) that the risk committee fully document and 
maintain records of its meetings, including its risk management 
decisions and recommendations, and that it be responsible for 
documenting and overseeing the entity's risk management ``policies and 
practices.'' It believed that these requirements go beyond the existing 
obligation on board committees to prepare minutes of meetings. FHFA 
disagrees with the first of those suggestions and has retained the 
requirement that the committee document and maintain records of its 
meetings and decisions because risk management is a vital function and 
decisions of the risk committee and the justification for those actions 
need to be well documented. FHFA agrees with the second suggestion and 
removed from the final rule the language stating that that the 
committee is to be responsible for documenting and overseeing the risk 
management ``policies and practices'' of the entity because 
``practices'' are more appropriately characterized as a management 
function than as a function for the risk committee. In its place, FHFA 
included an alternative provision, to be located in Sec.  
1239.111(b)(2)(i) of the final rule, providing that the risk committee 
must periodically review the entity's risk management program and make 
recommendations to the board of directors for any appropriate revisions 
to the program to ensure that the program remains aligned to the risks 
associated with the entity's business activities. The final rule also 
includes a parallel provision requiring the committee to periodically 
review the capabilities of, and the adequacy of the resources allocated 
to, the risk management program.
Chief Risk Officer
    The proposed rule would require each entity to appoint a chief risk 
officer and described both the organizational structure of the risk 
management program and the responsibilities of the chief risk officer. 
The final rule makes some modest revisions to these provisions, stating 
that the chief risk officer shall ``head'' (rather than ``oversee'') an 
independent risk management function and be responsible for the 
entity's risk management function. Both the proposed and final rules 
require that the head of the risk management function must be 
``independent.'' FHFA construes that term to mean that the chief risk 
officer may not have dual responsibilities within the organization, 
such as also serving as the chief financial officer or as any other 
senior executive officer.
Compliance Program (1239.12)
    The proposed rule would require that regulated entities establish a 
compliance program to be headed by a chief compliance officer and set 
forth criteria for the program. Proposed Sec.  1239.12 would require 
the program to be reasonably designed to ensure that the regulated 
entity complies with applicable laws, rules, regulations, and internal 
controls. In addition, the proposal would require the compliance 
officer to report directly to the chief executive officer, to report 
regularly to the board of directors (or a committee thereof) on the 
adequacy of the entity's compliance policies and procedures, and to 
make recommendations to the board for any adjustments to those policies 
or procedures, as appropriate. The final rule adopts this provision as 
it was proposed.
    The Banks expressed concern that these provisions were too 
prescriptive and believed that oversight of the compliance program need 
not reside solely with a single chief compliance officer, so long as 
the Banks have established clear lines of responsibilities for 
compliance matters with other executives. The Banks also objected to 
requiring the compliance officer to report to the chief executive and 
asked that the final rule allow for reporting lines to other senior 
executives. The Banks also suggested replacing the words ``internal 
controls'' with ``policies'' in the provision that requires that the 
compliance program ensure compliance with ``laws, rules, regulations, 
and internal controls.'' The Banks believe that internal controls 
themselves are designed to achieve compliance with laws, rules, 
regulations, and policies and therefore it did not make sense to 
require compliance with internal controls.
    FHFA does not believe that this provision can be characterized as 
being overly prescriptive, as the Banks contend. The regulation is 
short, only three sentences, which require the establishment of a 
compliance program, the designation of a compliance officer, and the 
establishment of reporting requirements. As to the concern about 
reporting lines, FHFA believes that the compliance function is 
sufficiently important that it should be headed by a person holding an 
executive level position, who would be a peer of the executives taking 
the business risks, and who would have direct access to the CEO. 
Lastly, although internal controls are designed to ensure compliance 
with laws, regulations, and policies, this can only be achieved if the 
regulated entity complies with the internal control procedures 
themselves. Therefore, FHFA believes that it is appropriate to retain 
the term ``internal controls'' in the first sentence of the provision.
Regulatory Reports (1239.13)
    Proposed Sec.  1239.13 required each regulated entity to provide 
FHFA with such regulatory reports as are necessary for it to evaluate 
the condition of a regulated entity, or compliance with applicable law, 
and to do so in accordance with the forms and instructions issued by 
FHFA from time to time. It was derived from the Finance Board 
regulations at 12 CFR 914.1 and 914.2. FHFA received no comments on 
this provision and the final rule adopts this provision as proposed.

E. Subpart D--Enterprise Specific Requirements

    Subpart D of the proposed rule included two provisions that were to 
apply only to the Enterprises. FHFA received no comments on these 
provisions from the Enterprises. Accordingly, with the exception of the 
one matter noted below, FHFA adopted both provisions as proposed. The 
first provision, Sec.  1239.20, addresses age and term limits for 
Enterprise directors and requires that a majority of the directors be 
independent, as defined under the rules of the NYSE. It also addresses 
the frequency of Enterprise board meetings, quorum requirements, and 
voting by directors. The rule carries over these provisions from the 
OFHEO regulation without substantive change. Proposed Sec.  
1239.20(a)(3) included a new provision that would prohibit the chief 
executive officer of an Enterprise from also serving as the chairperson 
of the board of directors.
    In the final rule, FHFA also revised the language of Sec.  
1239.20(b)(5), which requires the Enterprise boards of directors 
annually to review the requirements of applicable laws, rules, 
regulations, and guidelines. FHFA has been asked whether this provision 
requires a board of directors to review all laws that apply to the 
Enterprises or only on those that have been revised during the past 
year. FHFA believes that going forward this provision should be read to 
require that the boards of directors be kept informed of any 
significant changes to the applicable

[[Page 72335]]

laws and regulations. Accordingly, the final rule revises this 
provision to state that at least annually the boards of the Enterprises 
shall be informed of any significant changes that have been made to the 
laws, rules, regulations, and guidelines to which the Enterprises are 
subject since the prior year's annual review. The second provision, 
Sec.  1239.21, requires that the Enterprises pay their directors 
reasonable and appropriate compensation for the time required for the 
performance of their duties.

F. Subpart E--Bank Specific Requirements

    Subpart E of the proposed rule included five provisions that were 
to apply only to the Banks. For three of those provisions, those 
relating to a Bank's member products policy (Sec.  1239.30), its 
strategic business plan (Sec.  1239.31), and its dividends (Sec.  
1239.33), FHFA received no comments and the final rule adopts those 
provisions as proposed. The final rule deletes the proposed provision 
on internal controls in its entirety, for the reasons described below, 
and makes some modest revisions to the provision on Bank audit 
committees, also as described below.
Internal Control System
    The proposed rule would have carried over without substantive 
change a Finance Board regulation dealing with Bank internal control 
systems. The proposed regulation set forth detailed responsibilities of 
senior management and the board of directors with respect to internal 
controls and solicited comments on whether the internal controls 
regulation should be expanded to apply to the Enterprises, as well as 
to the Banks. Freddie Mac urged FHFA not to extend the internal 
controls regulation to the Enterprises because they are already subject 
to numerous requirements related to internal controls. The Banks 
generally favored the adoption of a principles-based approach for the 
rules relating to internal controls, rather than the more prescriptive 
approach of the existing Finance Board regulations, and asked that FHFA 
revise the rule accordingly.
    FHFA initially decided to adopt the Banks' suggestion and revise 
this provision to make it more principles-based. When making those 
revisions, however, FHFA determined that creating a more principles-
based regulation would result in the revised regulation overlapping 
considerably with the provisions of FHFA's existing Prudential 
Standards that deal with internal controls. In order to avoid that 
result, and the potential confusion that having two separate provisions 
addressing internal controls could cause, FHFA decided a better 
approach would be to delete the provision on internal controls from the 
final rule and rely instead on the internal controls provisions of the 
Prudential Standards. Accordingly, the final rule does not include a 
separate regulation on internal controls for the Banks. In making this 
change, FHFA emphasizes that a strong system of internal controls is a 
critical first line defense for all of the regulated entities. FHFA 
expects that all of the regulated entities will devote the necessary 
resources and attention to this area.
Audit Committee (1239.32)
    The proposed rule would have carried over without substantive 
change Finance Board regulations that required the establishment of an 
audit committee and established requirements for the composition, 
independence, charter, duties, and meetings of Bank audit committees. 
FHFA requested comment on whether it should adopt a single regulation 
addressing the audit committees for all regulated entities, whether the 
independence requirements for Bank audit committees should consider the 
amount of Bank stock or advances held by a member that has a 
representative on the committee, and whether Bank audit committees 
should have a majority of members who are not affiliated with the 
Bank's members. No commenters supported any of those revisions, and 
FHFA has not made any such changes to the final rule.
    FHFA made three revisions to Sec.  1239.32 of the final rule in 
response to comments from the Banks. The Banks asked that FHFA modify 
the requirement relating to representation on the audit committee of 
directors from the various types of members and of both member 
directors and independent directors by providing that the committee 
should be required have such a balance ``to the extent that it is 
practicable to do so.'' The Banks contended that the skill sets of the 
individual directors, particularly the member directors, will vary. As 
a result, there may be times when the persons whose experience is most 
suited to having them serve on the audit committee will not necessarily 
result in a committee composition that includes persons from all 
segments of the membership base. FHFA agrees with that statement and 
added the language requested by the Banks to the final rule. The Banks 
also asked that FHFA clarify that a reference to ``independent 
directors'' in this section refers to those directors who are not 
affiliated with a member institution, as defined in the Bank Act, so as 
not to suggest that it relates to the ``independence'' requirement for 
audit committee members. FHFA made that revision. The final rule also 
revises a provision that requires the audit committee to review ``the 
policies and procedures used by senior management'' by deleting the 
reference to ``procedures'' because FHFA agrees with the Banks that the 
development and review of particular procedures is more properly 
considered a management function. The final rule also makes one 
conforming change by revising the language of the existing rule to 
state that the board of directors, not the audit committee, is 
responsible for amending and periodically reapproving the audit 
committee charter. This change conforms this provision to an earlier 
provision of the rule that vests in the board of directors the sole 
authority to adopt committee charters.

G. Provisions To Be Repealed

    As was proposed, the final rule will repeal several portions of the 
predecessor agency regulations that are not being carried over into the 
FHFA regulations. No commenters objected to the proposed repeal of 
these provisions, which included several OFHEO regulations that 
essentially repeated certain statutory requirements, certain provisions 
of the OFHEO regulations relating to the responsibilities of boards of 
directors that address matters now covered by the Prudential Standards, 
a Finance Board regulation requiring the preparation of annual budgets, 
and 12 CFR part 1720 of the OFHEO regulations, which established 
certain safety and soundness standards for the Enterprises.
    Freddie Mac sought clarification as to the effect of the repeal of 
these provisions on specific regulatory guidance, such as the 2006 
OFHEO Corporate Governance Examination Guidance. FHFA continues to 
evaluate the various types of guidance issued by the predecessor 
agencies to determine whether to retain, revise, or repeal the 
guidance. Those efforts are being done independently of this 
rulemaking. On March 26, 2015, FHFA issued Advisory Bulletin AB 2015-
03, which rescinded five examination guidance documents that had been 
issued by OFHEO because they have been superseded by FHFA guidance, 
simply restated the text of regulations, or are no longer relevant or 
applicable in the current environment.\9\
---------------------------------------------------------------------------

    \9\ The Advisory Bulletin rescinded the following OFHEO 
examination guidance documents: PG-00-001 (regarding minimum safety 
and soundness requirements); PG-00-002 (regarding non-mortgage 
liquidity investments); PG-06-001 (regarding corporate governance 
examinations); PG-06-003 (regarding accounting practices 
examinations); and PG-08-002 (regarding standards for use of fair 
value options).

---------------------------------------------------------------------------

[[Page 72336]]

IV. Prudential Standards

    The Prudential Standards include an introductory section, which 
recites general responsibilities of the boards of directors and senior 
management, as well as ten enumerated standards that address the topics 
required by statute. In the proposed rule, FHFA proposed to designate 
this introductory section as an additional Prudential Standard. Doing 
so would clarify that the introductory provisions have the same effect 
and could be enforced in the same manner as the ten enumerated 
standards. The Banks commented that this action would create some 
uncertainty about the role of the boards of directors because the 
introductory section currently includes references to the board of 
directors being responsible for adopting and implementing 
``procedures,'' which the Banks contend is a management function. FHFA 
agrees that the development and implementation of procedures is a 
management responsibility, and has revised the first three paragraphs 
of the Prudential Standards introductory section by deleting the four 
references to ``procedures'' as responsibilities of the board of 
directors. FHFA received no other comments on this aspect of the 
proposal and the final rule otherwise adopts the final rule as 
proposed.

V. Paperwork Reduction Act

    The final rule does not contain any information collection 
requirement that requires the approval of the Office of Management and 
Budget under the Paperwork Reduction Act (44 U.S.C. 3501 et seq.).

VI. Regulatory Flexibility Act

    The Regulatory Flexibility Act (5 U.S.C. 601 et seq.) requires an 
agency to analyze a regulation's impact on small entities if the 
regulation is expected to have a significant economic impact on a 
substantial number of small entities. 5 U.S.C. 605(b). FHFA has 
considered the impact of this final rule and determined that it is not 
likely to have a significant economic impact on a substantial number of 
small entities because it applies only to the regulated entities, which 
are not small entities for purposes of the Regulatory Flexibility Act.

List of Subjects

12 CFR Part 914

    Federal Home Loan Banks, Reporting and recordkeeping requirements.

12 CFR Part 917

    Federal Home Loan Banks.

12 CFR Part 1236

    Administrative practice and procedure, Federal Home Loan Banks, 
Government-Sponsored Enterprises, Reporting and recordkeeping 
requirements.

12 CFR Part 1239

    Administrative practice and procedure, Federal Home Loan Banks, 
Government-Sponsored Enterprises, Reporting and recordkeeping 
requirements.

12 CFR Part 1710

    Administrative practice and procedure, Mortgages.

12 CFR Part 1720

    Administrative practice and procedure, Mortgages.

    Accordingly, for reasons stated in the Supplementary Information 
and under the authority of 12 U.S.C. 1426, 1427, 1432(a), 1436(a), 
1440, 4511(b), 4513(a), 4513(b), and 4526, FHFA hereby amends 
subchapter C of chapter IX, subchapter B of chapter XII, and subchapter 
C of chapter XVII of title 12 of the Code of Federal Regulations as 
follows:

CHAPTER IX--FEDERAL HOUSING FINANCE BOARD

Subchapter C--[Removed and Reserved]

0
1. Subchapter C, consisting of parts 914 and 917 is removed and 
reserved.

CHAPTER XII--FEDERAL HOUSING FINANCE AGENCY

Subchapter B--Entity Regulations

PART 1236--PRUDENTIAL MANAGEMENT AND OPERATIONS STANDARDS

0
2. The authority citation for part 1236 continues to read as follows:

    Authority: 12 U.S.C. 4511, 4513(a) and (f), 4513b, and 4526.


0
3. Amend Sec.  1236.2 by revising the definition of ``Standards'' to 
read as follows:


Sec.  1236.2  Definitions.

* * * * *
    Standards means any one or more of the prudential management and 
operations standards established by the Director pursuant to 12 U.S.C. 
4513b(a), as modified from time to time pursuant to Sec.  1236.3(b), 
including the introductory statement of general responsibilities of 
boards of directors and senior management of the regulated entities.

0
4. Amend the Appendix to part 1236 as follows:
0
a. By redesignating the phrase ``The following provisions constitute 
the prudential management and operations standards established pursuant 
to 12 U.S.C. 4513b(a).'' following paragraph 10 under 
``Responsibilities of the Board of Directors and Senior Management'' as 
introductory text to the appendix; and
0
b. By revising paragraphs 1., 2., and 3. under ``Responsibilities of 
the Board of Directors and Senior Management'' to read as follows:

Appendix to Part 1236--Prudential Management and Operations Standards

* * * * *

Responsibilities of the Board of Directors and Senior Management

    1. With respect to the subject matter addressed by each 
Standard, the board of directors is responsible for adopting 
business strategies and policies that are appropriate for the 
particular subject matter. The board should review all such 
strategies and policies periodically. It should review and approve 
all major strategies and policies at least annually and make any 
revisions that are necessary to ensure that such strategies and 
policies remain consistent with the entity's overall business plan.
    2. The board of directors is responsible for overseeing 
management of the regulated entity, which includes ensuring that 
management includes personnel who are appropriately trained and 
competent to oversee the operation of the regulated entity as it 
relates to the functions and requirements addressed by each 
Standard, and that management implements the policies set forth by 
the board.
    3. The board of directors is responsible for remaining informed 
about the operations and condition of the regulated entity, 
including operating consistently with the Standards, and senior 
management's implementation of the strategies and policies 
established by the board of directors.
* * * * *

0
5. Part 1239 is added to subchapter C to read as follows:

PART 1239--RESPONSIBILITIES OF BOARDS OF DIRECTORS, CORPORATE 
PRACTICES, AND CORPORATE GOVERNANCE

Subpart A--General
Sec.
1239.1 Purpose.
1239.2 Definitions.

[[Page 72337]]

Subpart B--Corporate Practices and Procedures Applicable to All 
Regulated Entities
1239.3 Law applicable to corporate governance and indemnification 
practices.
1239.4 Duties and responsibilities of directors.
1239.5 Board committees.
Subpart C--Other Requirements Applicable to All Regulated Entities
1239.10 Code of conduct and ethics.
1239.11 Risk management.
1239.12 Compliance program.
1239.13 Regulatory reports.
Subpart D--Enterprise Specific Requirements
1239.20 Board of directors of the Enterprises.
1239.21 Compensation of Enterprise board members.
Subpart E--Bank Specific Requirements
1239.30 Bank member products policy.
1239.31 Strategic business plan.
1239.32 Audit committee.
1239.33 Dividends.

    Authority: 12 U.S.C. 1426, 1427, 1432(a), 1436(a), 1440, 
4511(b), 4513(a), 4513(b), and 4526.

Subpart A--General


Sec.  1239.1  Purpose.

    FHFA is responsible for supervising and ensuring the safety and 
soundness of the regulated entities. In furtherance of those 
responsibilities, this part sets forth minimum standards with respect 
to responsibilities of boards of directors, corporate practices, and 
corporate governance matters of the regulated entities.


Sec.  1239.2  Definitions.

    As used in this part, (unless otherwise noted):
    Board member means a member of the board of directors of a 
regulated entity.
    Board of directors means the board of directors of a regulated 
entity.
    Business risk means the risk of an adverse impact on a regulated 
entity's profitability resulting from external factors as may occur in 
both the short and long run.
    Community financial institution has the meaning set forth in Sec.  
1263.1 of this chapter.
    Compensation means any payment of money or the provision of any 
other thing of current or potential value in connection with employment 
or in connection with service as a director.
    Credit risk is the potential that a borrower or counterparty will 
fail to meet its financial obligations in accordance with agreed terms.
    Employee means an individual, other than an executive officer, who 
works part-time, full-time, or temporarily for a regulated entity.
    Executive officer means the chief executive officer, chief 
financial officer, chief operating officer, president, any executive 
vice president, any senior vice president, and any individual with 
similar responsibilities, without regard to title, who is in charge of 
a principal business unit, division, or function, or who reports 
directly to the chairperson, vice chairperson, chief operating officer, 
or chief executive officer or president of a regulated entity.
    Immediate family member means a parent, sibling, spouse, child, 
dependent, or any relative sharing the same residence.
    Internal auditor means the individual responsible for the internal 
audit function at a regulated entity.
    Liquidity risk means the risk that a regulated entity will be 
unable to meet its financial obligations as they come due or meet the 
credit needs of its members and associates in a timely and cost-
efficient manner.
    Market risk means the risk that the market value, or estimated fair 
value if market value is not available, of a regulated entity's 
portfolio will decline as a result of changes in interest rates, 
foreign exchange rates, or equity or commodity prices.
    NYSE means the New York Stock Exchange.
    Operational risk means the risk of loss resulting from inadequate 
or failed internal processes, people, or systems, or from external 
events (including legal risk but excluding strategic and reputational 
risk).
    Risk appetite means the aggregate level and types of risk the board 
of directors and management are willing to assume to achieve the 
regulated entity's strategic objectives and business plan, consistent 
with applicable capital, liquidity, and other regulatory requirements.
    Significant deficiency means a deficiency, or a combination of 
deficiencies, in internal control that is less severe than a material 
weakness, yet important enough to merit attention by those charged with 
governance.

Subpart B--Corporate Practices and Procedures Applicable to All 
Regulated Entities


Sec.  1239.3  Law applicable to corporate governance and 
indemnification practices.

    (a) General. The corporate governance practices and procedures of 
each regulated entity, and practices and procedures relating to 
indemnification (including advancement of expenses), shall comply with 
and be subject to the applicable authorizing statutes and other Federal 
law, rules, and regulations, and shall be consistent with the safe and 
sound operations of the regulated entities.
    (b) Election and designation of body of law. (1) To the extent not 
inconsistent with paragraph (a) of this section, each regulated entity 
shall elect to follow the corporate governance and indemnification 
practices and procedures set forth in one of the following:
    (i) The law of the jurisdiction in which the principal office of 
the regulated entity is located;
    (ii) The Delaware General Corporation Law (Del. Code Ann. Title 8); 
or
    (iii) The Revised Model Business Corporation Act.
    (2) Each regulated entity shall designate in its bylaws the body of 
law elected for its corporate governance and indemnification practices 
and procedures pursuant to this paragraph, and shall do so by no later 
than March 18, 2016.
    (c) Indemnification. (1) Subject to paragraphs (a) and (b) of this 
section, to the extent applicable, a regulated entity shall indemnify 
(and advance the expenses of) its directors, officers, and employees 
under such terms and conditions as are determined by its board of 
directors. The regulated entity is authorized to maintain insurance for 
its directors and any other officer or employee.
    (2) Each regulated entity shall have in place policies and 
procedures consistent with this section for indemnification of its 
directors, officers, and employees. Such policies and procedures shall 
address how the board of directors is to approve or deny requests for 
indemnification from current and former directors, officers, and 
employees, and shall include standards relating to indemnification, 
investigations by the board of directors, and review by independent 
counsel.
    (3) Nothing in this paragraph (c) shall affect any rights to 
indemnification (including the advancement of expenses) that a director 
or any other officer or employee had with respect to any actions, 
omissions, transactions, or facts occurring prior to the effective date 
of this paragraph.
    (4) FHFA has the authority under the Safety and Soundness Act to 
review a regulated entity's indemnification policies, procedures, and 
practices to ensure that they are conducted in a safe and sound manner, 
and that they are consistent with the body of law adopted by the board 
of directors under paragraph (b) of this section.

[[Page 72338]]

    (d) No rights created. Nothing in this part shall create or be 
deemed to create any rights in any third party, including in any member 
of a Bank, nor shall it cause or be deemed to cause any regulated 
entity to become subject to the jurisdiction of any state court with 
respect to the entity's corporate governance or indemnification 
practices or procedures.


Sec.  1239.4  Duties and responsibilities of directors.

    (a) Management of a regulated entity. The management of each 
regulated entity shall be by or under the direction of its board of 
directors. While a board of directors may delegate the execution of 
operational functions to officers and employees of the regulated 
entity, the ultimate responsibility of each entity's board of directors 
for that entity's oversight is non-delegable. The board of directors of 
a regulated entity is responsible for directing the conduct and affairs 
of the entity in furtherance of the safe and sound operation of the 
entity and shall remain reasonably informed of the condition, 
activities, and operations of the entity.
    (b) Duties of directors. Each director of a regulated entity shall 
have the duty to:
    (1) Carry out his or her duties as director in good faith, in a 
manner such director believes to be in the best interests of the 
regulated entity, and with such care, including reasonable inquiry, as 
is required under the Revised Model Business Corporation Act or the 
other body of law that the entity's board of directors has chosen to 
follow for its corporate governance and indemnification practices and 
procedures in accordance with Sec.  1239.3(b);
    (2) For Bank directors, administer the affairs of the regulated 
entity fairly and impartially and without discrimination in favor of or 
against any member institution;
    (3) At the time of election, or within a reasonable time 
thereafter, have a working familiarity with basic finance and 
accounting practices, including the ability to read and understand the 
regulated entity's balance sheet and income statement and to ask 
substantive questions of management and the internal and external 
auditors;
    (4) Direct the operations of the regulated entity in conformity 
with the requirements set forth in the authorizing statutes, the Safety 
and Soundness Act, and this chapter; and
    (5) Adopt and maintain in effect at all times bylaws governing the 
manner in which the regulated entity administers its affairs. Such 
bylaws shall be consistent with applicable laws and regulations 
administered by FHFA, and with the body of law designated for the 
entity's corporate governance practices and procedures in accordance 
with Sec.  1239.3(b).
    (c) Director responsibilities. The responsibilities of the board of 
directors include having in place adequate policies to assure its 
oversight of, among other matters, the following:
    (1) The risk management and compensation programs of the regulated 
entity;
    (2) The processes for providing accurate financial reporting and 
other disclosures, and communications with stockholders; and
    (3) The responsiveness of executive officers in providing accurate 
and timely reports to FHFA and in addressing all supervisory concerns 
of FHFA in a timely and appropriate manner.
    (d) Authority regarding staff and outside consultants. (1) In 
carrying out its duties and responsibilities under the authorizing 
statutes, the Safety and Soundness Act, and this chapter, each 
regulated entity's board of directors and all committees thereof shall 
have authority to retain staff and outside counsel, independent 
accountants, or other outside consultants at the expense of the 
regulated entity.
    (2) The board of directors and its committees may require that 
staff of the regulated entity that provides services to the board or 
any committee under paragraph (d)(1) of this section report directly to 
the board or such committee, as appropriate.


Sec.  1239.5  Board committees.

    (a) General. The board of directors may rely, in directing a 
regulated entity, on reports from committees of the board of directors, 
provided, however, that no committee of the board of directors shall 
have the authority of the board of directors to amend the bylaws and no 
committee shall operate to relieve the board of directors or any board 
member of a responsibility imposed by applicable law, rule, or 
regulation.
    (b) Required committees. The board of directors of each regulated 
entity shall have committees, however styled, that address each of the 
following areas of responsibility: Risk management; audit; 
compensation; and corporate governance (in the case of the Banks, 
including the nomination of independent board of director candidates, 
and, in the case of the Enterprises, including the nomination of all 
board of director candidates). The risk management committee and the 
audit committee shall not be combined with any other committees. The 
board of directors may establish any other committees that it deems 
necessary or useful to carrying out its responsibilities, subject to 
the provisions of this section. In the case of the Enterprises, board 
committees shall comply with the charter, independence, composition, 
expertise, duties, responsibilities, and other requirements set forth 
under rules issued by the NYSE, and the audit committees shall also 
comply with the requirements set forth under section 301 of the 
Sarbanes-Oxley Act of 2002, Public Law 107-204.
    (c) Charter. The board of directors shall adopt a formal written 
charter for each committee that specifies the scope of a committee's 
powers and responsibilities, as well as the committee's structure, 
processes, and membership requirements.
    (d) Frequency of meetings. Each committee of the board of directors 
shall meet regularly and with sufficient frequency to carry out its 
obligations and duties under applicable laws, rules, regulations, and 
guidelines. Committees that are structured to meet only on an as-needed 
basis shall meet in the manner specified by their charter. All such 
committees shall also meet with sufficient timeliness as necessary in 
light of relevant conditions and circumstances to fulfill their 
obligations and duties.

Subpart C--Other Requirements Applicable to All Regulated Entities


Sec.  1239.10  Code of conduct and ethics.

    (a) General. A regulated entity shall establish and administer a 
written code of conduct and ethics that is reasonably designed to 
assure that its directors, officers, and employees discharge their 
duties and responsibilities in an objective and impartial manner that 
promotes honest and ethical conduct, compliance with applicable laws, 
rules, and regulations, accountability for adherence to the code, and 
prompt internal reporting of violations of the code to appropriate 
persons identified in the code. The code also shall include provisions 
applicable to the regulated entity's principal executive officer, 
principal financial officer, principal accounting officer or 
controller, or persons performing similar functions, that are 
reasonably designed to promote full, fair, accurate, and understandable 
disclosure in reports and other documents filed with the Securities and 
Exchange Commission and in other public communications reporting on the 
entity's financial condition.
    (b) Review. Not less often than once every three years, a regulated 
entity

[[Page 72339]]

shall review the adequacy of its code of conduct and ethics for 
consistency with practices appropriate to the entity and make any 
appropriate revisions to such code.


Sec.  1239.11  Risk management.

    (a) Risk management program--(1) Adoption. Each regulated entity's 
board of directors shall approve, have in effect at all times, and 
periodically review an enterprise-wide risk management program that 
establishes the regulated entity's risk appetite, aligns the risk 
appetite with the regulated entity's strategies and objectives, 
addresses the regulated entity's exposure to credit risk, market risk, 
liquidity risk, business risk and operational risk, and complies with 
the requirements of this part and with all applicable FHFA regulations 
and policies.
    (2) Risk appetite. The board of directors shall ensure that the 
risk management program aligns with the regulated entity's risk 
appetite.
    (3) Risk management program requirements. The risk management 
program shall include:
    (i) Risk limitations appropriate to each business line of the 
regulated entity;
    (ii) Appropriate policies and procedures relating to risk 
management governance, risk oversight infrastructure, and processes and 
systems for identifying and reporting risks, including emerging risks;
    (iii) Provisions for monitoring compliance with the regulated 
entity's risk limit structure and policies relating to risk management 
governance, risk oversight, and effective and timely implementation of 
corrective actions; and
    (iv) Provisions specifying management's authority and independence 
to carry out risk management responsibilities, and the integration of 
risk management with management's goals and compensation structure.
    (b) Risk committee. The board of each regulated entity shall 
establish and maintain a risk committee of the board of directors that 
assists the board in carrying out its duties to oversee the enterprise-
wide risk management program at the regulated entity.
    (1) Committee structure. The risk committee shall:
    (i) Be chaired by a director not serving in a management capacity 
of the regulated entity;
    (ii) Have at least one member with risk management experience that 
is commensurate with the regulated entity's capital structure, risk 
appetite, complexity, activities, size, and other appropriate risk-
related factors;
    (iii) Have committee members that have, or that will acquire within 
a reasonable time after being elected to the committee, a practical 
understanding of risk management principles and practices relevant to 
the regulated entity;
    (iv) Fully document and maintain records of its meetings, including 
its risk management decisions and recommendations; and
    (v) Report directly to the board and not as part of, or combined 
with, another committee.
    (2) Committee responsibilities. The risk committee shall:
    (i) Periodically review and recommend for board approval an 
appropriate enterprise-wide risk management program that is 
commensurate with the regulated entity's capital structure, risk 
appetite, complexity, activities, size, and other appropriate risk-
related factors;
    (ii) Receive and review regular reports from the regulated entity's 
chief risk officer, as required under paragraph (c)(5) of this section 
; and
    (iii) Periodically review the capabilities for, and adequacy of 
resources allocated to, enterprise-wide risk management.
    (c) Chief Risk Officer.--(1) Appointment of a chief risk officer 
(CRO). Each regulated entity shall appoint a CRO to implement and 
maintain appropriate enterprise-wide risk management practices for the 
regulated entity.
    (2) Organizational structure of the risk management function. The 
CRO shall head an independent enterprise-wide risk management function, 
or unit, and shall report directly to the risk committee and to the 
chief executive officer.
    (3) Responsibilities of the CRO. The CRO shall be responsible for 
the enterprise-wide risk management function, including:
    (i) Allocating risk limits and monitoring compliance with such 
limits;
    (ii) Establishing appropriate policies and procedures relating to 
risk management governance, practices, and risk controls, and 
developing appropriate processes and systems for identifying and 
reporting risks, including emerging risks;
    (iii) Monitoring risk exposures, including testing risk controls 
and verifying risk measures; and
    (iv) Communicating within the organization about any risk 
management issues and/or emerging risks, and ensuring that risk 
management issues are effectively resolved in a timely manner.
    (4) The CRO should have risk management expertise that is 
commensurate with the regulated entity's capital structure, risk 
appetite, complexity, activities, size, and other appropriate risk 
related factors.
    (5) The CRO shall report regularly to the risk committee and to the 
chief executive officer on significant risk exposures and related 
controls, changes to risk appetite, risk management strategies, results 
of risk management reviews, and emerging risks. The CRO shall also 
report regularly on the regulated entity's compliance with, and the 
adequacy of, its current risk management policies and procedures, and 
shall recommend any adjustments to such policies and procedures that he 
or she considers necessary or appropriate.
    (6) The compensation of a regulated entity's CRO shall be 
appropriately structured to provide for an objective and independent 
assessment of the risks taken by the regulated entity.


Sec.  1239.12  Compliance program.

    A regulated entity shall establish and maintain a compliance 
program that is reasonably designed to assure that the regulated entity 
complies with applicable laws, rules, regulations, and internal 
controls. The compliance program shall be headed by a compliance 
officer, however styled, who reports directly to the chief executive 
officer. The compliance officer also shall report regularly to the 
board of directors, or an appropriate committee thereof, on the 
adequacy of the entity's compliance policies and procedures, including 
the entity's compliance with them, and shall recommend any revisions to 
such policies and procedures that he or she considers necessary or 
appropriate.


Sec.  1239.13  Regulatory reports.

    (a) Reports. Each regulated entity shall file Regulatory Reports 
with FHFA in accordance with the forms, instructions, and schedules 
issued by FHFA from time to time. If no regularly scheduled reporting 
dates are established, Regulatory Reports shall be filed as requested 
by FHFA.
    (b) Definition. For purposes of this section, the term Regulatory 
Report means any report to FHFA of information or raw or summary data 
needed to evaluate the safe and sound condition or operations of a 
regulated entity, or to determine compliance with any:

[[Page 72340]]

    (1) Provision in the Bank Act, Safety and Soundness Act, or other 
law, order, rule, or regulation;
    (2) Condition imposed in writing by FHFA in connection with the 
granting of any application or other request by a regulated entity; or
    (3) Written agreement entered into between FHFA and a regulated 
entity.

Subpart D--Enterprise Specific Requirements


Sec.  1239.20  Board of directors of the Enterprises.

    (a) Membership--(1) Limits on service of board members.--(i) 
General requirement. No board member of an Enterprise may serve on the 
board of directors for more than 10 years or past the age of 72, 
whichever comes first; provided, however, a board member may serve his 
or her full term if he or she has served less than 10 years or is 72 
years on the date of his or her election or appointment to the board; 
and
    (ii) Waiver. Upon written request of an Enterprise, the Director 
may waive, in his or her sole discretion and for good cause, the limits 
on the service of a board member under paragraph (a)(1)(i) of this 
section.
    (2) Independence of board members. A majority of seated members of 
the board of directors of an Enterprise shall be independent board 
members, as defined under rules set forth by the NYSE, as amended from 
time to time.
    (3) Segregation of duties. The position of chairperson of the board 
of directors shall be filled by a person other than the chief executive 
officer, who shall also be a director of the Enterprise that is 
independent, as defined under the rules set forth by the NYSE, as 
amended from time to time.
    (b) Meetings, quorum and proxies, information, and annual review--
(1) Frequency of meetings. The board of directors of an Enterprise 
shall meet at least eight times a year and no less than once a calendar 
quarter to carry out its obligations and duties under applicable laws, 
rules, regulations, and guidelines.
    (2) Non-management board member meetings. Non-management directors 
of an Enterprise shall meet at regularly scheduled executive sessions 
without management participation.
    (3) Quorum of board of directors; proxies not permissible. For the 
transaction of business, a quorum of the board of directors of an 
Enterprise is at least a majority of the seated board of directors and 
a board member may not vote by proxy.
    (4) Information. Management of an Enterprise shall provide a board 
member of the Enterprise with such adequate and appropriate information 
that a reasonable board member would find important to the fulfillment 
of his or her fiduciary duties and obligations.
    (5) Annual review. At least annually, the board of directors of an 
Enterprise shall be informed of significant changes to the requirements 
of laws, rules, regulations, and guidelines that are applicable to its 
activities and duties.


Sec.  1239.21  Compensation of Enterprise board members.

    Each Enterprise may pay its directors reasonable and appropriate 
compensation for the time required of them, and their necessary and 
reasonable expenses, in the performance of their duties.

Subpart E--Bank Specific Requirements


Sec.  1239.30  Bank member products policy.

    (a) Adoption and review of member products policy--(1) Adoption. 
Each Bank's board of directors shall have in effect at all times a 
policy that addresses the Bank's management of products offered by the 
Bank to members and housing associates, including but not limited to 
advances, standby letters of credit, and acquired member assets, 
consistent with the requirements of the Bank Act, paragraph (b) of this 
section, and all applicable FHFA regulations and policies.
    (2) Review and compliance. Each Bank's board of directors shall:
    (i) Review the Bank's member products policy annually;
    (ii) Amend the member products policy as appropriate; and
    (iii) Re-adopt the member products policy, including interim 
amendments, not less often than every three years.
    (b) Member products policy requirements. In addition to meeting any 
other requirements set forth in this chapter, each Bank's member 
products policy shall:
    (1) Address credit underwriting criteria to be applied in 
evaluating applications for advances, standby letters of credit, and 
renewals;
    (2) Address appropriate levels of collateralization, valuation of 
collateral and discounts applied to collateral values for advances and 
standby letters of credit;
    (3) Address advances-related fees to be charged by each Bank, 
including any schedules or formulas pertaining to such fees;
    (4) Address standards and criteria for pricing member products, 
including differential pricing of advances pursuant to Sec.  
1266.5(b)(2) of this chapter, and criteria regarding the pricing of 
standby letters of credit, including any special pricing provisions for 
standby letters of credit that facilitate the financing of projects 
that are eligible for any of the Banks' CICA programs under part 1292 
of this chapter;
    (5) Provide that, for any draw made by a beneficiary under a 
standby letter of credit, the member will be charged a processing fee 
calculated in accordance with the requirements of Sec.  1271.6(b) of 
this chapter;
    (6) Address the maintenance of appropriate systems, procedures, and 
internal controls; and
    (7) Address the maintenance of appropriate operational and 
personnel capacity.


Sec.  1239.31  Strategic business plan.

    (a) Adoption of strategic business plan. Each Bank's board of 
directors shall have in effect at all times a strategic business plan 
that describes how the business activities of the Bank will achieve the 
mission of the Bank consistent with part 1265 of this chapter. 
Specifically, each Bank's strategic business plan shall:
    (1) Enumerate operating goals and objectives for each major 
business activity and for all new business activities, which must 
include plans for maximizing activities that further the Bank's housing 
finance and community lending mission, consistent with part 1265 of 
this chapter;
    (2) Discuss how the Bank will address credit needs and market 
opportunities identified through ongoing market research and 
consultations with members, associates, and public and private 
organizations;
    (3) Establish quantitative performance goals for Bank products 
related to multi-family housing, small business, small farm and small 
agri-business lending;
    (4) Describe any proposed new business activities or enhancements 
of existing activities; and
    (5) Be supported by appropriate and timely research and analysis of 
relevant market developments and member and associate demand for Bank 
products and services.
    (b) Review and monitoring. Each Bank's board of directors shall:
    (1) Review the Bank's strategic business plan at least annually;
    (2) Re-adopt the Bank's strategic business plan, including interim 
amendments, not less often than every three years; and
    (3) Establish management reporting requirements and monitor 
implementation of the strategic business plan and the operating goals 
and objectives contained therein.

[[Page 72341]]

    (c) Report to FHFA. Each Bank shall submit to FHFA annually a 
report analyzing and describing the Bank's performance in achieving the 
goals described in paragraph (a)(3) of this section.


Sec.  1239.32  Audit committee.

    (a) Establishment. The audit committee of each Bank established as 
required by Sec.  1239.5(b) shall be consistent with the requirements 
set forth in this section.
    (b) Composition. (1) The audit committee shall comprise five or 
more persons drawn from the Bank's board of directors, each of whom 
shall meet the criteria of independence set forth in paragraph (c) of 
this section.
    (2) The audit committee shall include, to the extent practicable, a 
balance of representatives of:
    (i) Community financial institutions and other members; and
    (ii) Independent directors and member directors of the Bank, both 
as defined in the Bank Act.
    (3) The terms of audit committee members shall be appropriately 
staggered so as to provide for continuity of service.
    (4) At least one member of the audit committee shall have extensive 
accounting or related financial management experience.
    (c) Independence. Any member of the Bank's board of directors shall 
be considered to be sufficiently independent to serve as a member of 
the audit committee if that director does not have a disqualifying 
relationship with the Bank or its management that would interfere with 
the exercise of that director's independent judgment. Such 
disqualifying relationships include, but are not limited to:
    (1) Being employed by the Bank in the current year or any of the 
past five years;
    (2) Accepting any compensation from the Bank other than 
compensation for service as a board director;
    (3) Serving or having served in any of the past five years as a 
consultant, advisor, promoter, underwriter, or legal counsel of or to 
the Bank; or
    (4) Being an immediate family member of an individual who is, or 
has been in any of the past five years, employed by the Bank as an 
executive officer.
    (d) Charter. (1) The audit committee of each Bank shall review and 
assess the adequacy of the Bank's audit committee charter on an annual 
basis, and shall recommend to the board of directors any amendments 
that it believes to be appropriate;
    (2) The board of directors of each Bank shall review and assess the 
adequacy of the audit committee charter on an annual basis, shall amend 
the audit committee charter whenever it deems it appropriate to do so, 
and shall reapprove the audit committee charter not less often than 
every three years; and
    (3) Each Bank's audit committee charter shall:
    (i) Provide that the audit committee has the responsibility to 
select, evaluate and, where appropriate, replace the internal auditor 
and that the internal auditor may be removed only with the approval of 
the audit committee;
    (ii) Provide that the internal auditor shall report directly to the 
audit committee on substantive matters and that the internal auditor is 
ultimately accountable to the audit committee and board of directors; 
and
    (iii) Provide that both the internal auditor and the external 
auditor shall have unrestricted access to the audit committee without 
the need for any prior management knowledge or approval.
    (e) Duties. Each Bank's audit committee shall have the duty to:
    (1) Direct senior management to maintain the reliability and 
integrity of the accounting policies and financial reporting and 
disclosure practices of the Bank;
    (2) Review the basis for the Bank's financial statements and the 
external auditor's opinion rendered with respect to such financial 
statements (including the nature and extent of any significant changes 
in accounting principles or the application thereof) and ensure that 
policies are in place that are reasonably designed to achieve 
disclosure and transparency regarding the Bank's true financial 
performance and governance practices;
    (3) Oversee the internal audit function by:
    (i) Reviewing the scope of audit services required, significant 
accounting policies, significant risks and exposures, audit activities, 
and audit findings;
    (ii) Assessing the performance and determining the compensation of 
the internal auditor; and
    (iii) Reviewing and approving the internal auditor's work plan.
    (4) Oversee the external audit function by:
    (i) Approving the external auditor's annual engagement letter;
    (ii) Reviewing the performance of the external auditor; and
    (iii) Making recommendations to the Bank's board of directors 
regarding the appointment, renewal, or termination of the external 
auditor.
    (5) Provide an independent, direct channel of communication between 
the Bank's board of directors and the internal and external auditors;
    (6) Conduct or authorize investigations into any matters within the 
audit committee's scope of responsibilities;
    (7) Ensure that senior management has established and is 
maintaining an adequate internal control system within the Bank by:
    (i) Reviewing the Bank's internal control system and the resolution 
of identified material weaknesses and significant deficiencies in the 
internal control system, including the prevention or detection of 
management override or compromise of the internal control system; and
    (ii) Reviewing the programs and policies of the Bank designed to 
ensure compliance with applicable laws, regulations and policies, and 
monitoring the results of these compliance efforts;
    (8) Review the policies established by senior management to assess 
and monitor implementation of the Bank's strategic business plan and 
the operating goals and objectives contained therein; and
    (9) Report periodically its findings to the Bank's board of 
directors.
    (f) Meetings. The audit committee shall prepare written minutes of 
each audit committee meeting.


Sec.  1239.33  Dividends.

    A Bank's board of directors may not declare or pay a dividend based 
on projected or anticipated earnings and may not declare or pay a 
dividend if the par value of the Bank's stock is impaired or is 
projected to become impaired after paying such dividend.

CHAPTER XVII--OFFICE OF FEDERAL HOUSING ENTERPRISE OVERSIGHT, 
DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT

SUBCHAPTER C--SAFETY AND SOUNDNESS

PART 1710--[REMOVED]

0
6. Remove part 1710.

PART 1720--[REMOVED]

0
7. Remove part 1720.

    Dated: November 10, 2015.
Melvin L. Watt,
Director, Federal Housing Finance Agency.
[FR Doc. 2015-29367 Filed 11-18-15; 8:45 am]
 BILLING CODE 8070-01-P