[Federal Register Volume 79, Number 18 (Tuesday, January 28, 2014)]
[Proposed Rules]
[Pages 4414-4429]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-01173]


=======================================================================
-----------------------------------------------------------------------

FEDERAL HOUSING FINANCE BOARD

12 CFR Parts 914 and 917

FEDERAL HOUSING FINANCE AGENCY

12 CFR Parts 1236 and 1239

DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT

Office of Federal Housing Enterprise Oversight

12 CFR Parts 1710 and 1720

RIN 2590-AA59


Responsibilities of Boards of Directors, Corporate Practices and 
Corporate Governance Matters

AGENCIES: Federal Housing Finance Board; Federal Housing Finance 
Agency; Office of Federal Housing Enterprise Oversight.

ACTION: Proposed rule; with request for comments.

-----------------------------------------------------------------------

SUMMARY: The Federal Housing Finance Agency (FHFA) is proposing to 
amend its regulations by relocating and consolidating certain Federal 
Housing Finance Board (Finance Board) and Office of Federal Housing 
Enterprise Oversight (OFHEO) regulations that pertain to the 
responsibilities of boards of directors, corporate practices, and 
corporate governance matters. The OFHEO regulations address corporate 
governance matters at the Federal National Mortgage Association and the 
Federal Home Loan Mortgage Corporation (Enterprises), while the Finance 
Board regulations address the powers and responsibilities of the boards 
of directors and management of the Federal Home Loan Banks (Banks). The 
proposed rule would consolidate most of those existing regulations into 
a new FHFA regulation, parts of which would apply to both the Banks and 
the Enterprises (together, regulated entities), and parts of which 
would apply only to the Banks or only to the Enterprises. Most of the 
content of the new regulation has been derived from the existing 
regulations, with such modifications as are necessary to apply certain 
provisions to all regulated entities. The proposal also would include a 
new provision on risk management and a new definition of ``credit 
risk,'' which is a term that is used only within the proposed risk 
management provision. Those provisions would apply to both the Banks 
and the Enterprises. FHFA also is proposing to amend a definition 
within

[[Page 4415]]

its Prudential Management and Operations Standards (Prudential 
Standards) regulations and the introductory language to the standards 
themselves. Together, those amendments would explicitly include certain 
introductory language--pertaining to the general responsibilities of 
senior management and boards of directors--as part of the standards. 
The proposed rule also would repeal a separate provision of the OFHEO 
regulations that relate to minimum safety and soundness requirements.

DATES: Written comments on the proposed rule must be received on or 
before March 31, 2014. For additional information, see SUPPLEMENTARY 
INFORMATION.

ADDRESSES: You may submit your comments on the proposed rule, 
identified by regulatory information number ``RIN 2590-AA59,'' by any 
of the following methods:
     Email: Comments to Alfred M. Pollard, General Counsel, may 
be sent by email to RegComments@FHFA.gov. Please include ``RIN 2590-
AA59'' in the subject line of the message.
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments. If you submit your 
comment to the Federal eRulemaking Portal, please also send it by email 
to FHFA at RegComments@FHFA.gov to ensure timely receipt by the agency. 
Include the following information in the subject line of your 
submission: Comments/RIN 2590-AA59.
     U.S. Mail, United Parcel Post, Federal Express, or Other 
Mail Service: The mailing address for comments is: Alfred M. Pollard, 
General Counsel, Attention: Comments/RIN 2590-AA59, Federal Housing 
Finance Agency, Constitution Center, Eighth Floor (OGC), 400 7th Street 
SW., Washington, DC 20024.
     Hand Delivered/Courier: The hand delivery address is: 
Alfred M. Pollard, General Counsel; Attention: Comments/RIN 2590-AA59, 
Federal Housing Finance Agency, Constitution Center, Eighth Floor 
(OGC), 400 7th Street SW., Washington, DC 20024. The package should be 
logged at the Guard Desk, First Floor, on business days between 9 a.m. 
and 5 p.m.

FOR FURTHER INFORMATION CONTACT: Amy Bogdon, Amy.Bogdon@fhfa.gov, (202) 
649-3320, Associate Director, Division of Federal Home Loan Bank 
Regulation; or Michou Nguyen, Michou.Nguyen@fhfa.gov, (202) 649-3081 
(not toll-free numbers), Assistant General Counsel, Office of General 
Counsel, Federal Housing Finance Agency, Constitution Center, Eighth 
Floor (OGC), 400 7th Street SW., Washington, DC 20024. The telephone 
number for the Telecommunications Device for the Hearing Impaired is 
(800) 877-8339.

SUPPLEMENTARY INFORMATION: 

I. Comments

    FHFA invites comments on all aspects of the proposed rule in 
addition to requesting comments in response to specific questions that 
appear throughout this document. FHFA will take all comments into 
consideration before issuing a final regulation. All comments received 
will be posted without change on the FHFA Web site at http://www.fhfa.gov, and will include any personal information you provide, 
such as your name, address (mailing and email), and telephone numbers. 
In addition, copies of all comments received will be available for 
examination by the public on business days between the hours of 10 a.m. 
and 3 p.m., at the Federal Housing Finance Agency, Eighth Floor, 400 
7th Street SW., Washington, DC 20024. To make an appointment to inspect 
comments, please call the Office of General Counsel at (202) 649-3804.

II. Background

A. Purpose of the Proposed Rule

    This proposed rule is the next phase in FHFA's effort to repeal or 
relocate all remaining OFHEO and Finance Board regulations. Both of the 
predecessor agencies had adopted regulations addressing director 
responsibilities, corporate practices, and corporate governance 
matters. Pursuant to the Housing and Economic Recovery Act of 2008 
(HERA), Public Law 110-289, 122 Stat. 2654, those regulations remain in 
effect until they are superseded by regulations issued by FHFA. See id. 
at sections 1301, 1302, 1311, 1312, 122 Stat. 2794-95, 2797-98. The 
intent of this proposed rule is to consolidate or relocate certain of 
the existing regulations into a new set of FHFA regulations that would 
address those same matters. FHFA would expand the scope of certain of 
the existing regulations to both the Enterprises and the Banks. Those 
provisions address matters of general corporate governance or corporate 
practices that are common to all the regulated entities. For certain 
other provisions of the existing regulations, FHFA would continue to 
apply them only to the Banks or only to the Enterprises, as they 
address topics that are unique to the particular entity, as permitted 
by statute. The proposed rule would carry over most of those provisions 
without change. The proposed rule is not intended to address 
conservatorship matters. Rather, the proposal addresses matters of 
corporate practice and governance, as well as compliance and risk 
management practices, nearly all of which currently apply to the 
Enterprises through the OFHEO regulations and all of which remain 
relevant to their safe and sound operation.
    The regulations of the predecessor agencies that would be relocated 
by this rulemaking are located at parts 914, 917, and 1710 of title 12 
of the Code of Federal Regulations (CFR). The Finance Board regulations 
at part 914 address regulatory reporting for the Banks. FHFA is 
proposing to relocate that provision without substantive change and 
apply it to all of the regulated entities. All of the relocated 
regulations would be adopted as a new part, 12 CFR 1239 (part 1239), in 
the FHFA section of title 12 of the CFR. Any regulations of the 
predecessor agencies that are not being adopted as FHFA regulations 
would be repealed.
    As part of this rulemaking, FHFA is also proposing to amend one of 
the definitions within its Prudential Standards regulations, as well as 
one aspect of the Prudential Standards themselves. Together, those 
amendments would explicitly provide that the introductory language 
within the Prudential Standards, which appears immediately before the 
enumerated 10 standards, is considered a part of the standards and is 
to be treated in the same manner as the 10 enumerated standards. The 
introductory section of the Prudential Standards recites general 
concepts of corporate governance and responsibilities, as they relate 
to the subject matter of the individual standards, that are a part of 
the typical responsibilities of the board of directors and senior 
management of any financial institution. FHFA believes that it would be 
more appropriate to include those paragraphs as explicitly part of the 
standards, and having the same substantive effect under the Prudential 
Standards regime. Lastly, FHFA is proposing to repeal in its entirety 
part 1720 of the OFHEO regulations, which established certain safety 
and soundness standards for the Enterprises. Because many of the 
matters addressed by part 1720 are also addressed by the Prudential 
Standards and by parts of this proposed rule, FHFA has determined that 
the repeal of part 1720 will not change the standards applicable to the 
Enterprises. The following sections briefly describe each of the 
provisions in proposed part 1239 and its origin.

[[Page 4416]]

    Also with respect to the Prudential Standards, FHFA acknowledges 
that there is substantial overlap between some of these proposed 
regulations and the Prudential Standards, and requests comment on 
appropriate modifications to the regulations to harmonize them with the 
Prudential Standards to create a unified set of corporate governance 
requirements with appropriate levels of specificity and appropriate 
enforcement mechanisms.

B. Overview of Part 1239

    Part 1239 of the proposed rule would be structured into a subpart 
(A) for definitions and four substantive subparts (B through E). 
Subpart B would consist of regulations relating to core corporate 
governance principles, which would apply to both the Banks and the 
Enterprises. Subpart C would include regulations addressing codes of 
conduct, risk management, compliance programs, and regulatory reports, 
which also would apply to all regulated entities. Subparts D and E 
would consist of regulations that address matters specific to the Banks 
(such as those relating to a Bank's member product policy) and to the 
Enterprises (such as those relating to the Enterprise boards), 
respectively.
    Much of the content of part 1239, with the exception of the 
provision on risk management, has been derived from the current Finance 
Board and OFHEO regulations, with modifications as necessary to apply 
certain of the provisions to all regulated entities and to clarify, 
update, or supplement the existing regulations, as appropriate. FHFA 
believes that the current Finance Board risk management regulation 
would benefit from updates. Accordingly, FHFA has rewritten this 
provision in its entirety and is proposing to apply the revised 
provision to the Enterprises as well as to the Banks. FHFA believes 
that the Finance Board regulations dealing with audit committees and 
internal controls could be similarly updated and extended to the 
Enterprises, but is soliciting comment on how best to do that, rather 
than proposing revised language for those provisions, as discussed in 
more detail in part III.E. (Bank Specific Requirements).

C. Considerations of Differences Between the Banks and the Enterprises

    When promulgating regulations or taking other actions that relate 
to the Banks, section 1313(f) of the Federal Housing Enterprises 
Financial Safety and Soundness Act of 1992 (Safety and Soundness Act), 
as amended by section 1201 of HERA, requires the Director to consider 
the differences between the Banks and the Enterprises with respect to 
the Banks' cooperative ownership structure; mission of providing 
liquidity to members; affordable housing and community development 
mission; capital structure; and joint and several liability. 12 U.S.C. 
4513(f). In preparing the proposed rule, the Director has considered 
the differences between the Banks and the Enterprises as they relate to 
the above factors and has determined that none of the statutory factors 
would be adversely affected by the proposed rule. The Director is 
requesting comments from the public about whether differences related 
to these factors should result in a revision of the proposed rule as it 
relates to the Banks.

III. Part 1239

A. Subpart A--General

Definitions (1239.2)
    The definitions section of the proposed rule consists of 
definitions from parts 914, 917, and 1710, most of which are being 
relocated without any substantive change, apart from conforming changes 
that are necessary to make certain of the defined terms applicable to 
both the Banks and the Enterprises. The proposed rule would 
substantively amend certain of the existing definitions, as described 
below. First, the proposed rule would replace the term ``reportable 
conditions'' (which currently appears only in the Finance Board 
regulation on audit committees) with the term ``significant 
deficiency.'' That revision would better align the concept with current 
accounting and financial reporting standards. Second, the proposed rule 
would amend the definition of ``credit risk,'' which currently appears 
only in the Finance Board provision pertaining to risk management. The 
proposed definition would define credit risk as the potential that a 
borrower or counterparty will fail to meet its financial obligations in 
accordance with the agreed terms. FHFA believes that is a better 
definition than the current provision, which focuses on the decline in 
value of an obligation as a result of a deterioration in 
creditworthiness. Third, the proposal would revise the definition of 
``operational risk'' to follow the definition used by the other federal 
banking regulators in their risk-based capital regulations, which also 
is consistent with the definition of the term from the Basel Committee 
on Banking Supervision.\1\ Fourth, the proposed rule would delete the 
definition of ``senior executive officer'' but add the substance of 
that definition into the definition of ``executive officer.'' The term 
``senior executive officer'' is not used in any of the substantive 
provisions of the proposed regulations, and appears only within the 
definition of ``executive officer.'' Rather than retain a definition of 
a term that appears only within another defined term, FHFA believes it 
is more appropriate to relocate the operative language from the 
definition of ``senior executive officer'' into the definition of 
``executive officer.'' A number of terms that will no longer be used in 
the proposed regulations will not be carried forward into the proposed 
rule, nor will any terms that FHFA has defined in the general 
definitions section of its regulations, 12 CFR part 1201.
---------------------------------------------------------------------------

    \1\ See Basel Committee on Banking Supervision, International 
Convergence of Capital Measurement and Capital Standards: A Revised 
Framework--Comprehensive Version, Section V (Operational Risk), 
paragraph 644, Basel, June 2006.
---------------------------------------------------------------------------

B. Subpart B--Corporate Practices and Procedures Applicable to All 
Regulated Entities

    Subpart B includes three provisions that address certain core 
principles of corporate practices or governance that FHFA believes 
should be applied to both the Enterprises and the Banks. The topics 
addressed by this part of the proposed rule are choice of law, duties 
of directors, and committees of the boards of directors, and nearly all 
of those provisions are derived from the Finance Board or OFHEO 
regulations.
Choice of Law (1239.3)
    Section 1239.3 of the proposed rule would require each regulated 
entity to designate a body of law to follow with respect to its 
corporate governance and indemnification practices. This requirement 
already applies to the Enterprises and the Office of Finance, pursuant 
to 12 CFR 1710.10 of the OFHEO regulations and 12 CFR 1273.7(i)(2) of 
the FHFA regulations, respectively, but would be new for the Banks. 
Under this provision, a regulated entity would be required to designate 
in its bylaws one of the following for its corporate governance 
practices and procedures: (1) The law of the jurisdiction in which the 
entity maintains its principal office; (2) the Delaware General 
Corporation Law; or (3) the Revised Model Business Corporation Act. 
Technically, those laws would not apply to, nor be binding on, the 
Banks or Enterprises, because they are not state-chartered 
corporations. Rather, FHFA intends that the entities would look to 
their chosen body of law to address any governance or indemnification 
issues that may arise and for which no federal laws control.

[[Page 4417]]

    The proposed regulation also includes a provision dealing with 
indemnification, which is derived from FHFA's regulations governing the 
Office of Finance, 12 CFR 1273.7(i)(3), and from the OFHEO 
indemnification provisions at 12 CFR 1710.20. The proposed provision 
would state that a regulated entity shall indemnify its directors, 
officers, and employees under terms and conditions to be determined by 
the board, subject to any limitations in federal law or the law of the 
jurisdiction designated for an entity's corporate governance practices. 
The proposal further requires each entity to have policies and 
procedures regarding the indemnification of its directors, officers, 
and employees, which must address how the board of directors is to 
decide on requests for indemnification, and must include standards 
relating to indemnification, investigations by the board of directors, 
and review by independent counsel. The proposal also authorizes FHFA to 
review an entity's indemnification policies, procedures, and practices, 
and carries over a provision of the OFHEO regulation that authorized it 
to limit or prohibit indemnification payments for reasons of safety and 
soundness. Under that latter provision, FHFA could limit or prohibit 
indemnification payments to any person found to have violated any law 
or regulation, breached any material elements of the entity's bylaws or 
code of conduct, or engaged in grossly negligent actions.
    FHFA is proposing to make these provisions applicable to the Banks 
because there are benefits to having all regulated entities follow the 
same regulatory standard with respect to their corporate governance and 
indemnification practices, and because there currently is no definitive 
guidance for the Banks on this matter. The indemnification provision 
explicitly states that it is subject to the other provisions of the 
regulation, one of which provides that the corporate governance and 
indemnification practices must comply with the authorizing statutes and 
any other applicable federal statutes or regulations. That means that a 
regulated entity's ability to indemnify its directors, officers, and 
employees will be subject to any limitations that FHFA imposes through 
its separate indemnification regulations or through this provision, 
regardless of what the chosen state law may provide.
Duties and Responsibilities of Board Members (1239.4)
    Section 1293.4 of the proposed rule would set forth certain basic 
duties and responsibilities of directors of a regulated entity. This 
provision states that the ultimate responsibility for managing a 
regulated entity lies with the board of directors. It also requires 
directors to, among other things: (1) Act in good faith and with due 
care, in the best interest of the regulated entity, and in a fair and 
impartial manner; (2) direct the affairs of an entity in a manner 
consistent with applicable statutes and regulations; (3) have a working 
familiarity with basic finance and accounting practices; and (4) adopt 
bylaws governing the manner in which the regulated entity administers 
its affairs. Directors must also put in place policies relating to the 
board's oversight of risk management, compensation, financial 
reporting, and responsiveness to FHFA supervisory concerns.
    The text of the proposed regulation consists mostly of provisions 
carried over from Finance Board regulation (Sec.  917.2) and, to a 
lesser extent, OFHEO regulation (Sec.  1710.15). The proposed rule 
would carry over nearly all of the provisions of (Sec.  917.2) of the 
Finance Board regulations, and the substance of the existing OFHEO 
regulations located at 12 CFR 1710.15(b)(3), (5), and (7). Those OFHEO 
provisions require the boards of directors to have policies in place to 
assure their oversight of compensation programs, disclosures to 
shareholders and investors, and responsiveness to regulatory inquiries. 
The proposed rule would add a provision requiring the boards to have 
policies in place to assure their oversight of risk management, in 
light of the importance of risk management policies and controls to the 
safe and sound operation of the entities. FHFA is proposing not to 
carry over certain other OFHEO regulations that require the boards to 
have in place policies to assure their oversight of corporate strategy, 
hiring and retention of qualified senior executive officers, integrity 
of financial reporting, and extensions of credit to board members. See 
12 CFR 1710.15(b)(1)-(2), (4), and (6). FHFA believes that these topics 
are covered adequately elsewhere. The proposed rule also would repeal 
1710.15(a) and (c), which state the purpose of those OFHEO regulations 
and direct Enterprise board members to their chosen body of corporate 
law, as well as to OFHEO pronouncements, for additional guidance on 
these topics. FHFA believes that these matters need not be explicitly 
stated in the regulation.
Board Committees (1239.5)
    The last section in subpart B deals with committees of the board of 
directors, and is derived principally from Sec.  1710.12 of the OFHEO 
regulations. The proposed regulation would require each regulated 
entity to have certain specified committees of the board of directors 
and would authorize the entities to establish any other committees they 
deem appropriate. Each entity would be required to have committees of 
the board of directors that are responsible for each of the following 
matters: (1) Risk management; (2) audit; (3) compensation; and (4) 
corporate governance. The rule would not require the entities to 
establish committees with those specific names, only that they 
establish committees that are responsible for overseeing those matters. 
The proposed rule also would provide that the risk management committee 
and the audit committee cannot be combined with any of the other 
committees. The proposal would further require that each committee have 
a formal written charter and that it meet with sufficient frequency to 
carry out its responsibilities. The regulation retains, for the 
Enterprises only, an OFHEO provision requiring Enterprise audit 
committees to comply with certain provisions of section 301 of the 
Sarbanes-Oxley Act (SOA), which relates to audit committees of public 
companies, and that the audit committee and other Enterprise committees 
also comply with applicable provisions of the rules of the New York 
Stock Exchange (NYSE). That is the only provision in this proposed 
regulation that would not apply to the Banks. Because the Federal Home 
Loan Bank Act (Bank Act) mandates that a majority of a Bank's board of 
directors be officers or directors of the Bank's members, these 
directors may not meet the independence criteria in both of the 
relevant SOA and NYSE provisions for audit committee members. Indeed, 
nine of the Banks have disclosed in their federal securities law 
filings that the member directors who serve on the Banks' audit 
committees did not meet the NYSE independence requirement because the 
member had a ``material relationship'' with the Bank or failed the 
NYSE's revenue test.\2\
---------------------------------------------------------------------------

    \2\ Under NYSE rules, an employee of a Bank member would not be 
considered independent for purposes of serving on the audit 
committee if: (1) The member has made interest payments to the Bank 
exceeding the greater of $1 million or 2 percent of the Bank's gross 
annual revenue in any of the past three fiscal years; or (2) if the 
Bank has purchased loans from the member in an amount exceeding the 
greater of $1 million or 2 percent of the member's gross annual 
revenue in any of the past three fiscal years. In addition, an 
officer of a Bank member is not considered independent if the member 
has a ``material relationship'' with the Bank. The rules list a 
banking relationship as an example of a type of relationship that 
can constitute a material relationship. The board of directors of 
the Bank is responsible for determining whether a relationship is 
``material'' after ``broadly'' considering all relevant facts and 
circumstances. See NYSE Listed Company Manual Sect. 303A.02 and 
303A.07(a).
    Under SOA section 301, an audit committee director is not 
considered independent if the director is an ``affiliated person'' 
of the Bank. The Securities Exchange Act of 1934 defines 
``affiliated person'' as a person who owns, directly or indirectly, 
or controls 5% of the voting securities of the Bank. A member 
director does not directly own voting securities of a Bank but may 
be deemed to indirectly own or control the securities under certain 
scenarios (e.g., if the member director owns 25% of the voting 
securities of the member). See 15 U.S.C. 78c(a)(19) and 78j-1. Under 
SEC rule 10A-3, promulgated pursuant to SOA section 301, an audit 
committee director is considered ``affiliated'' if the director 
directly or indirectly ``controls'' the Bank. Under rule 10A-3, a 
person will be deemed not to have ``control'' if the person, 
directly or indirectly, owns 10% or less of the voting securities of 
the Bank. See 17 CFR 240.10A-3. Nine of the Banks have stated in 
their federal securities laws filings that all members of their 
audit committees have satisfied the independence requirements under 
SEC rule 10A-3.

---------------------------------------------------------------------------

[[Page 4418]]

    The substance of the proposed rule differs slightly from OFHEO 
regulation Sec.  1710.12 in that it requires each board to have a 
committee dealing with risk management. The OFHEO rule mandates that 
the Enterprises have the other three committees mentioned above. There 
is no equivalent Finance Board regulation. FHFA believes that, 
consistent with current best practices, it is appropriate to add the 
risk management committee to the list of required committees and to 
make this regulation applicable to the Banks as these four areas are 
crucial to the safe and sound operation of all regulated entities.
    FHFA also has considered whether the proposed rule should require 
the board of directors of each regulated entity to have an executive 
committee, in addition to the other four committees that would be 
required by the proposed rule. FHFA requests comments on whether it 
would be appropriate for the regulations to require the establishment 
of executive committees as a matter of course and, if so, what powers 
should be delegated to those committees. An executive committee that is 
authorized to exercise the powers of the full board of directors could 
enhance the efficiency of the board's operations, particularly at Banks 
that have large boards of directors. FHFA also requests comment on 
whether the need for an executive committee, or the benefits from 
having such a committee, would be any greater in the case of a Bank 
that results from the merger of two other Banks. In such cases, 
statutory provisions that cause the resulting Bank to have a very large 
board of directors also may make board operations more cumbersome and 
thus less efficient. To the extent that an executive committee may 
address matters that otherwise would have been addressed by the full 
board, FHFA requests comments on what limitations might be appropriate 
to ensure that the ability of those directors who are not on the 
executive committee to exercise their own fiduciary duties is not 
compromised.

C. Subpart C--Other Requirements Applicable to All Regulated Entities

    Subpart C includes four provisions that relate to certain other 
matters that FHFA believes should apply to all of the regulated 
entities, but are not the type of governance provisions that are 
included in Subpart B. These provisions address: (1) Code of conduct; 
(2) risk management; (3) compliance programs; and (4) regulatory 
reports. The substance of these provisions is derived from parts 914, 
917, and 1710 of the Finance Board and OFHEO regulations, respectively, 
except for the risk management provision, which has been rewritten in 
its entirety to better align it with supervisory expectations for sound 
risk management.

Code of Conduct (1239.10)

    The first regulation in Subpart C requires each regulated entity to 
establish a written code of conduct for directors, executive officers, 
and employees that is designed to ensure that they discharge their 
duties in an objective and impartial manner. The code of conduct must 
include standards set forth in section 406 of the SOA, which address 
promoting: (1) Honest and ethical conduct, including the handling of 
conflicts of interest between personal and professional relationships; 
(2) full, fair, accurate, timely, and understandable disclosures in 
periodic reports filed with the Securities and Exchange Commission 
(SEC); and (3) compliance with applicable rules and regulations. In 
addition, each regulated entity must review the code at least once 
every three years and make any necessary revisions. The requirements of 
proposed Sec.  1239.10 are being relocated from OFHEO regulation Sec.  
1710.14 without any substantive changes, and are being made applicable 
to the Banks as well as the Enterprises. FHFA believes that a code of 
conduct is an important tool to ensure the safe and sound operation of 
a regulated entity and therefore is proposing to extend the 
requirements of this provision to the Banks.
Risk Management (1239.11)
    Both the Finance Board and OFHEO regulations include provisions 
dealing with the issue of risk management responsibilities of the 
boards of directors. See 12 CFR 917.3 and Sec.  1710.19(b). In 
reviewing both of those provisions, FHFA determined that they may no 
longer reflect the current best risk management practices and concepts. 
Based in part on more recent proposals of the Federal Reserve Board,\3\ 
FHFA is proposing to adopt a new risk management regulation for all of 
the regulated entities, which would supplant the existing Finance Board 
and OFHEO regulations. The proposed risk management provision would 
require a regulated entity to adopt an enterprise-wide risk management 
program that aligns the entity's overall risk profile with its 
strategic plan and mission objectives. The regulation also would 
require that the risk management program address the regulated entity's 
risk profile and risk exposure. The program also would have to include 
appropriate risk limitations, risk management practices, and compliance 
monitoring provisions, while specifying management's authority and 
independence to carry out its risk management responsibilities.
---------------------------------------------------------------------------

    \3\ See Enhanced Prudential Standards and Early Remediation 
Requirements for Covered Companies, Board of Governors of the 
Federal Reserve System, 77 FR 594 (Jan. 5, 2012).
---------------------------------------------------------------------------

    The proposed rule would require each regulated entity to have a 
risk committee and that it be established pursuant to a written charter 
approved by the full board of directors. The risk committee also would 
have to be chaired by a director that does not serve in a management 
capacity. That provision would effectively apply only to the 
Enterprises because the boards of the Banks do not have any management 
representatives. The committee must have at least one member with risk 
management expertise and all members must have an understanding of risk 
management principles and experience developing and applying risk 
management practices, identifying risks, and monitoring risk controls 
for financial services organizations. The proposal would require the 
committee to meet regularly and report directly to the board of 
directors, and would provide that the committee is responsible for 
documenting and overseeing the risk management policies and practices, 
reviewing and approving the risk management program, and reviewing 
regular reports from the chief risk officer (CRO).
    The proposed rule would require each regulated entity to appoint a 
CRO, who would be responsible for the risk management function. The 
proposed

[[Page 4419]]

rule would specify certain responsibilities of the CRO, which would 
include: (1) Allocating delegated risk limits; (2) establishing 
appropriate policies, processes, and systems to identify and report 
risks; (3) managing risk exposures and controls; and (4) reporting risk 
management issues directly and regularly to the risk committee and the 
chief executive officer. The CRO also must have risk management 
expertise commensurate with the regulated entity's capital structure, 
risk profile, complexity, activities, and size. The board would be 
required to structure the CRO's compensation in such a manner as to 
provide for an objective and independent assessment of the risks taken 
by the regulated entity.
Compliance Program (1239.12)
    This provision of the proposed rule would require the regulated 
entities to establish a compliance program headed by a compliance 
officer and would set forth criteria for the program. These provisions 
would be carried over, with modest conforming changes, from OFHEO 
regulation Sec.  1710.19, and thus would be new only for the Banks. The 
compliance program to be established under this provision must be 
reasonably designed to ensure that the regulated entity complies with 
applicable laws, rules, regulations, and internal controls. In addition 
to reporting directly to the chief executive officer, the compliance 
officer must report regularly to the entity's board of directors (or a 
committee thereof) on the adequacy of the entity's compliance policies 
and procedures, and must recommend any appropriate adjustments to those 
policies or procedures. Other provisions of the OFHEO regulation, at 
Sec.  1710.19(b) and (c), which deal with risk management and 
registration of Enterprise stock under the federal securities laws, 
would be repealed as either being addressed elsewhere or no longer 
being relevant.
Regulatory Reports (1239.13)
    The last section of Subpart C would require each regulated entity 
to provide FHFA with such regulatory reports as are necessary for it to 
evaluate the condition of a regulated entity, or compliance with 
applicable law, and to do so in accordance with the forms and 
instructions issued by FHFA from time to time. This provision would be 
relocated, with only minor non-substantive changes, from the Finance 
Board regulations at 12 CFR 914.1 and 914.2. FHFA has the statutory 
authority to compel all regulated entities to submit the reports 
described in Sec.  1239.13. 12 U.S.C. 4514. Therefore, applying this 
provision to all regulated entities would not impose any new burdens on 
the Enterprises, but would serve to highlight the importance of timely 
and accurate data reporting.

D. Enterprise-Specific Requirements (Subpart D)

    Subpart D of the proposed rule would carry over two OFHEO 
regulations relating to: (1) Eligibility requirements for the board of 
directors of the Enterprises and conduct of their board meetings; and 
(2) compensation for Enterprise directors. The first provision is 
substantively identical to the current OFHEO regulation Sec.  1710.11, 
while the second provision is based on Sec.  1710.13, with minor 
changes that eliminate portions relating to compensation of executive 
officers and employees, which are no longer necessary. Neither of these 
two provisions would be applied to the Banks because section 7 of the 
Bank Act, 12 U.S.C. 1427, already establishes eligibility requirements 
and mandates a specific composition of Bank boards between member 
directors and independent directors, and because section 7 and 12 CFR 
part 1261 of the FHFA regulations already include provisions governing 
compensation for directors of the Banks.
Enterprise Board of Director Requirements (1239.20)
    The first provision of Subpart D addresses age and term limits for 
individual Enterprise board members and requires that a majority of the 
directors be independent, as defined under the rules of the NYSE. It 
also addresses the frequency of Enterprise board meetings, quorum 
requirements, and voting by directors. These provisions are being 
carried over from Sec.  1710.11 without substantive change and would 
apply only to the Enterprises. In addition, proposed Sec.  1239.20 
includes a new provision that would prohibit the chief executive 
officer (CEO) of an Enterprise from also serving as the chairman of the 
board of directors. FHFA is proposing to add this requirement in order 
to promote the board of directors' oversight of senior management. By 
separating the two positions, FHFA intends to preclude the possibility 
that a CEO would have an opportunity to unduly influence the full board 
of directors by virtue of holding the chairman's position.
Compensation of Enterprise Board Members (1239.21)
    The second provision of Subpart D states that Enterprise director 
compensation must be reasonable and appropriate for the time required 
for the performance of their duties. This provision is based on Sec.  
1710.13 of the OFHEO regulations, which addresses compensation of 
Enterprise board members, as well as Enterprise officers and employees. 
The proposed rule would differ from the OFHEO rule in that it would 
apply only to compensation paid to the directors of an Enterprise. 
Because FHFA has recently adopted an interim rule addressing executive 
compensation matters for the Banks and the Enterprises, there is no 
longer any need to address the matter of executive compensation in 
these provisions. As for non-executive employees, FHFA believes that a 
separate regulation is not necessary as those salaries will be set by 
an entity's executives, whose compensation is subject to FHFA review.

E. Subpart E--Bank-Specific Requirements

    Subpart E of the proposed rule would carry over from the Finance 
Board regulations five provisions that address a Bank's: (1) Member 
products policy; (2) strategic business plan; (3) internal control 
system; (4) audit committee; and (5) dividends. The proposed provisions 
derive from current Finance Board regulations on these topics, which 
will be relocated to subpart E with only minor and conforming changes. 
As discussed in more detail below, FHFA believes that three of these 
provisions--regarding the member products policy, business plan, and 
dividends--are unique to the Banks and thus should not be applied to 
the Enterprises. Although FHFA is proposing to include the Finance 
Board provisions on internal controls and audit committees in the 
``Bank specific'' portion of the rule, it also is requesting comment on 
whether it would be appropriate to revise those provisions so that they 
could be applied to both the Banks and the Enterprises.
Bank Member Product Policy (1239.30)
    Finance Board regulations require each Bank to have a member 
products policy that addresses the Bank's management of products 
offered to members and housing associates. See 12 CFR 917.4. Under that 
provision, a Bank's board of directors must review the policy annually, 
amend it as appropriate, and readopt it at least every three years. The 
policy must address certain specified topics, which are: (1) Credit 
underwriting criteria; (2) levels of collateralization; (3) fees and 
product pricing; (4) maintenance of appropriate systems, procedures, 
and internal controls; and (5) maintenance of appropriate operational 
and personnel

[[Page 4420]]

capacity. The proposed rule would simply relocate the existing Finance 
Board regulations without substantive change.
Strategic Business Plan (1239.31)
    Finance Board regulations also require each Bank's board of 
directors to adopt a strategic business plan that describes how each 
Bank will achieve its housing finance mission, and how each Bank 
establishes goals and objectives for each of its business activities. 
See 12 CFR Sec.  917.5. The plan must also: (1) Discuss how a Bank will 
address credit needs and market opportunities; (2) establish 
quantitative performance goals for Bank products related to multi-
family housing, small business, small farm, and small agri-business 
lending; (3) describe proposed new business activities; and (4) be 
supported by appropriate research and analysis of market developments 
and member demand for products. Each Bank's board of directors must 
review the plan at least annually, readopt it at least every three 
years, and establish management reporting requirements and monitor 
implementation. The proposed rule would simply relocate this regulation 
without substantive change to the FHFA regulations. FHFA is not 
proposing to extend it to the Enterprises because their strategic 
objectives are subject to FHFA control as a result of the 
conservatorships.
Internal Control System (1239.32)
    The proposed rule would carry over, without substantive change, the 
Finance Board regulation dealing with internal control systems at the 
Banks. See 12 CFR 917.6. The current Finance Board regulation requires 
each Bank to establish and maintain an effective internal control 
system that addresses: (1) The efficiency and effectiveness of Bank 
activities; (2) the safeguarding of Bank assets; (3) the reliability, 
completeness, and timely reporting of financial and management 
information; and (4) compliance with applicable laws, regulations, 
policies, and management and board directives. The regulation sets 
forth detailed responsibilities of senior management and the board of 
directors with respect to internal controls. This regulation would not 
apply to the Enterprises, as many of the detailed requirements in the 
provision are specific to the Banks and reflect their unique structure.
    Nonetheless, the topic of internal controls is one that is relevant 
to both the Banks and the Enterprises, and FHFA is considering whether 
it should adopt a regulation on internal controls that would apply to 
all of the regulated entities. Accordingly, FHFA specifically requests 
public comment on the following questions:
    1. In what manner should FHFA revise the content of Sec.  917.6 so 
that it could be applied to all regulated entities, and what specific 
revisions to the regulatory text would be needed to accomplish that 
objective?
    2. What regulatory approach would be best suited for addressing the 
topic of internal controls at the Banks and Enterprises, one based on 
general principles, or one that includes detailed requirements that 
prescribe particular steps that an entity should take in creating and 
operating a system of internal controls?
    3. If FHFA were to adopt a more prescriptive approach to a 
regulation on internal controls, is the current approach, which 
separately addresses the requirements of an internal control system, 
the responsibilities of the board, and the responsibilities of 
management, appropriate?
    4. If FHFA were to adopt a more principles-based approach to 
internal controls, what principles would be necessary to assure that 
regulated entities would establish and maintain an effective system of 
internal controls?
    5. What amendments to the regulation or the Prudential Standards 
would be most appropriate to ensure that they complement each other 
with respect to the entities' internal control systems?
    6. Should the proposed Sec.  1239.32(a)(iv) retain the requirement 
that the internal control system must ensure that the entity complies 
with all applicable laws and regulations if the proposed rule will 
separately require that the entities establish a compliance program to 
address that same topic?
    7. Are there any types of internal control requirements that would 
be unique to either the Banks or the Enterprises and could not readily 
be applied to the other entities?
Audit Committee (1239.33)
    The proposed rule also would carry over without substantive change 
the provisions of the Finance Board regulations dealing with Bank audit 
committees. See 12 CFR 917.7. Those provisions would set forth 
requirements relating to the composition of the audit committee and the 
content of the audit committee charter. They would also require that 
the audit committee members be independent and establish certain 
independence criteria. The proposal would retain the provision 
requiring the audit committee to include a balance of representatives 
of community financial institutions and other members, as well as 
independent directors and member directors. The audit committee would 
be required to have a charter that covers the selection and retention 
of the internal auditor and reporting channels for the auditor. The 
regulation also lists numerous duties of the audit committee, 
including: (1) Directing senior management to maintain the reliability 
and integrity of the accounting policies; (2) reviewing the basis for 
the Bank's financial statements and the external auditor's opinion; (3) 
overseeing the audit function; and (4) conducting or authorizing 
investigations.
    The Finance Board regulation on Bank audit committees reflects the 
unique structure of the Banks as member-owned cooperatives whose boards 
of directors include a majority of member directors that also serve as 
officers or directors of their member institutions. Because the board 
structure of the Banks is unique and differs so much from that of the 
Enterprises, FHFA believes that it is appropriate to retain the Bank-
specific regulations for the Banks' audit committees. FHFA is not 
proposing to impose these requirements on the Enterprises because of 
those differences and because the Enterprises are separately required 
(by the OFHEO regulations and by this proposed rule) to comply with the 
audit committee requirements of section 301 of the SOA and the rules of 
the NYSE.
    Nonetheless, the topic of audit committees is one that is relevant 
to both the Banks and the Enterprises, and FHFA requests comments on 
the following questions:
    1. By carrying over the existing Finance Board and OFHEO 
regulations, the proposed rule would effectively retain the two 
distinct regulatory approaches embodied in the current rules, i.e., 
OFHEO's approach of using a cross-reference to the SOA audit committee 
provisions and the Finance Board's approach of using the considerably 
more detailed regulatory provisions to address audit committee 
responsibilities. FHFA requests comment on whether it should continue 
this arrangement or whether it should develop one rule on audit 
committees that would apply to both the Banks and the Enterprises. FHFA 
also requests comment on how a single rule should be structured, i.e., 
whether it should adopt the approach of the current OFHEO regulations, 
the approach of the Finance Board regulations, or some other approach.
    2. If FHFA were to retain the substance of the current Finance 
Board rule for Bank audit committees (either for the Banks or for the 
Banks and the Enterprises), FHFA requests comments

[[Page 4421]]

on how it could modify the provisions of that rule (which would be 
located at Sec.  1239.33 of this proposal) to make them more 
streamlined while also providing sufficient guidance to the regulated 
entities to ensure that the audit committees function in an independent 
and efficient manner.
    3. With respect to the independence requirement of the current 
Finance Board regulation, FHFA requests comments on whether it should 
add a new provision that would deem a member director to not be 
``independent'' for audit committee purposes if the member institution 
at which that director is employed were to have more than a specified 
percentage of the Bank's outstanding capital stock or the Bank's total 
advances. FHFA also requests comments regarding the level at which a 
member's Bank stock or advances could be considered to be too high for 
that member's representative to be deemed sufficiently independent to 
serve on the Bank's audit committee.\4\
---------------------------------------------------------------------------

    \4\ For example, the Federal Deposit Insurance Corporation 
prohibits ``large customers'' from serving on the audit committee of 
a regulated institution that has total assets of more than $3 
billion at the beginning of the fiscal year. ``Large customer'' is 
defined as ``any individual or entity (including a controlling 
person of any such entity) which, in the determination of the board 
of directors, has such significant direct or indirect credit or 
other relationships with the institution, the termination of which 
likely would materially and adversely affect the institution's 
financial condition or results of operations . . .'' See 12 CFR 
Sec.  363.5(b) and Appendix A to 12 CFR 363.
---------------------------------------------------------------------------

    4. With respect to the composition of Bank audit committees, which 
must include a balance of representatives from community financial 
institutions and other members, and of independent and member 
directors, FHFA requests comment on whether that provision remains 
optimal or whether the regulation should require any other requirements 
relating to audit committee composition, such as requiring a majority 
of the committee members to be independent directors.
    5. With respect to the relationship between the audit committee 
regulations and the Prudential Standards, FHFA requests comment on how 
best to coordinate the audit committee regulations with the provisions 
of Standard 2, which also addresses audit committees, whether FHFA 
should address audit committee requirements entirely within either the 
regulations or the standards, and what matters would be more 
appropriately addressed in a regulation or in the Prudential Standards.
Bank Dividends (1239.34)
    The last regulation in Subpart E would carry over with only modest 
revisions a Finance Board regulation addressing Bank dividends. See 12 
CFR 917.9. Among other things, that provision prohibits a Bank's board 
of directors from declaring or paying a dividend based on projected or 
anticipated earnings or if the par value of the Bank's stock is 
impaired, or would become impaired as a result of paying the dividend. 
The proposed rule would not carry over two provisions from Sec.  917.9 
whose content either is addressed in another regulation or relates to 
statutory provisions that are no longer in effect. FHFA is proposing 
not to apply this provision to the Enterprises, in part because it 
carries out provisions of the Bank Act that apply only to the Banks and 
in part because Enterprise dividends during conservatorship are 
governed by the senior preferred stock purchase agreements.

F. Provisions To Be Repealed

    As noted above, there are several portions of 12 CFR part 917 and 
12 CFR part 1710 that have become obsolete or are no longer necessary, 
and FHFA is proposing to repeal them as part of this rulemaking. The 
repealed provisions consist of: (1) Several OFHEO regulations that 
impose requirements substantively identical to those found in the SOA; 
(2) an OFHEO regulation that reserves the right of FHFA to amend its 
regulations; (3) an OFHEO regulation that states that FHFA has the 
authority under the Safety and Soundness Act to prohibit or restrict 
indemnification of board members and executives of the Enterprises; (4) 
portions of the OFHEO regulation relating to the responsibilities of 
boards of directors that address matters that are covered by the 
Prudential Standards; and (5) a Finance Board regulation that requires 
Banks to prepare annual budgets.
SOA Provisions
    OFHEO regulations at Sec.  1710.13(b), Sec.  1710.16, Sec.  
1710.17, Sec.  1710.18, and Sec.  1710.19(c) are substantively 
identical to requirements found in the SOA, which apply to the Banks 
and Enterprises as registered issuers under the federal securities 
laws.\5\ These regulations address reimbursement of compensation paid 
to an Enterprise CEO or CFO in cases of accounting restatements due to 
material noncompliance with financial reporting requirements, 
prohibitions on extensions of credit to Enterprise board members and 
executives, certification of quarterly and annual financial statements 
by the CEO and CFO, audit partner rotation, and registration and 
deregistration of securities. Because the Enterprises and the Banks are 
subject to the corresponding SOA statutory provisions, there is no need 
to repeat those requirements in the FHFA regulations.
---------------------------------------------------------------------------

    \5\ Section 1112 of HERA requires the Banks to maintain 
registration of their common stock with the SEC and states that 
equity securities of the Enterprises are not exempt from SEC 
registration requirements.
---------------------------------------------------------------------------

Board of Directors
    As noted previously, Sec.  1710.15 of the OFHEO regulations 
addresses the conduct and responsibilities of Enterprise directors, and 
FHFA is proposing to carry over certain of those provisions into Sec.  
1239.4 of the proposed rule. FHFA also is proposing to repeal the 
remaining portions of Sec.  1710.15, which include the introductory 
language, language requiring directors to refer to state law and OFHEO 
pronouncements for additional guidance, several provisions requiring 
the board to have policies for overseeing corporate strategy, hiring of 
qualified senior executives, financial reporting, and extensions of 
credit to board members. FHFA believes that these matters are 
adequately addressed in other provisions of the proposed rule or in the 
Prudential Standards, and need not be adopted as FHFA regulations.
Budget Preparation
    Finance Board regulation Sec.  917.8 requires Banks to adopt an 
operating and a capital expenditures budget annually. FHFA believes 
that the adoption of a budget is a basic duty already encompassed in a 
director's duty to act in good faith and with care in overseeing the 
affairs of a Bank. Therefore, FHFA is not proposing to carry this 
Finance Board provision over into the FHFA regulations.
Part 1720
    As noted previously, FHFA is proposing to repeal 12 CFR part 1720 
of the OFHEO regulations, which established certain safety and 
soundness standards for the Enterprises, because those matters are 
addressed by the Prudential Standards and by certain parts of this 
proposed rule.

IV. Prudential Standards

    The introductory section of the Prudential Standards, which appears 
immediately before the enumerated 10 standards, recites general 
responsibilities of the boards of directors and senior management of 
the regulated entities, as they relate to the matters addressed by the 
individual standards. FHFA is proposing to explicitly state that this 
introductory

[[Page 4422]]

section is part of the standards, which means that the introductory 
provisions would have the same effect and could be enforced in the same 
manner as the 10 enumerated standards. To do this, FHFA is proposing to 
amend the definition of the term ``standards,'' which appears in 12 CFR 
1236.2, by adding an explicit statement that the Prudential Standards 
consist of both the introductory section and the existing enumerated 
standards. FHFA is also proposing to revise the Prudential Standards by 
relocating a sentence that appears immediately after the introductory 
language and immediately before the 10 enumerated standards, that reads 
as follows: ``The following provisions constitute the prudential 
management and operations standards established pursuant to 12 U.S.C. 
4513b(a).'' FHFA would relocate this sentence to the beginning of the 
Prudential Standards and immediately before the existing introductory 
language regarding director and senior management responsibilities. 
FHFA is proposing these amendments to ensure that it can use the 
remedial provisions of the Prudential Standards to address corporate 
governance deficiencies at the regulated entities, as they may relate 
to the individual standards, should FHFA believe that those provisions 
will be more effective than its other administrative enforcement 
authorities.

Harmonization of the Prudential Standards and FHFA Regulations

    The Prudential Standards address certain topics that also are 
covered by the existing regulations and would continue to be covered by 
the proposed regulations, which results in a degree of regulatory 
overlap. Despite that overlap, there are meaningful differences between 
the two provisions, some of which may be appropriate to preserve. One 
key difference is that because the Prudential Standards have been 
adopted as guidance, they do not have the force and effect of law, as 
do the regulations addressing the same topics. For that reason, the 
Prudential Standards may be enforced only by the remedial authorities 
in the Prudential Standards statute, and not through the agency's 
administrative enforcement powers, which can be used to enforce 
regulations, unless a regulated entity's failure to meet a prudential 
standard rises to the level of an unsafe or unsound practice. FHFA is 
not proposing to address in this regulation all of the potential areas 
of overlap between the Prudential Standards and the regulations, but 
does intend to initiate a separate project to identify any regulations 
that address topics that are also covered by the Prudential Standards, 
or would more appropriately be covered by a Prudential Standard. To aid 
it in that undertaking, FHFA is requesting comments on how it may best 
integrate and harmonize its regulations and the Prudential Standards, 
particularly with respect to the seven topics described below.
    General Duties of Boards of Directors. To certain degrees, both the 
Prudential Standards and the regulations address the general 
responsibilities of the boards of directors of the regulated entities. 
Within the Standards, the first three principles of the introductory 
section address certain director responsibilities, as they relate to 
the subject matter of each of the Prudential Standards, such as 
adopting business strategies and policies, overseeing management, and 
remaining informed about the operations and condition of a regulated 
entity. The proposed regulation, at Sec.  1239.4, also would address 
the duties and responsibilities of the boards of directors, albeit in a 
more global sense, i.e., not simply in relation to the subject matter 
of the 10 prudential standards.
    Board Briefings. Principles seven and eight of the introductory 
section of the Prudential Standards require management to provide the 
board of directors with periodic reports on the entity's condition and 
performance. This is similar to proposed Sec.  1239.20(b)(4), which 
would apply only to the Enterprise and requires management to provide 
boards with information that is necessary to allow the directors to 
fulfill their fiduciary duties.
    Audit Committee Responsibilities. Several provisions of the 
Prudential Standards, paragraphs 2.1, 2.3-2.7, and 2.9-2.10, address 
audit committee responsibilities, including establishing policies for 
and overseeing the internal audit function, evaluating the 
effectiveness of the internal audit function, addressing internal audit 
issues, and ensuring that audit department personnel are competent and 
properly trained. Section 1239.33 of the proposed rule, which is based 
on a Finance Board regulation and would apply only to the Banks, also 
addresses certain of these same topics.
    Risk Management. Although the Prudential Standards do not address 
specific duties of the risk committee or the CRO, Standards 8.2, 8.4-
8.5, 8.7, 8.9-8.10, and principles nine and 10 of the introductory 
section do require a regulated entity to have a risk management program 
that is capable of addressing a number of the topics. Certain of those 
topics are also addressed in Sec.  1239.11 of the proposed rule. In 
addition, both Sec.  1239.11 and the Prudential Standards provide that 
the CRO should report to the CEO and the risk committee.
    Internal Controls. Prudential Standards 1.1, 1.3-1.8, 1.10, and 
1.14-1.15 require regulated entities to have an adequate and effective 
system of internal controls, including a board-approved organizational 
structure that clearly assigns responsibilities and reporting 
relationships. Under those provisions, a regulated entity also must 
establish and monitor appropriate internal control policies. These same 
topics and related concepts are also addressed in Sec.  1239.32, which 
is based on an existing Finance Board regulation and would apply only 
to the Banks.
    Code of Conduct. Principle nine of the introductory section of the 
Prudential Standards states that board members and senior management of 
a regulated entity should conduct themselves in a manner to promote 
high ethical standards and establish a culture of compliance throughout 
the organization. Section 1239.10, which would apply to all regulated 
entities, also addresses the topic of codes of conduct and ethics.
    Compliance with Laws and Regulations. Prudential Standards 1-5 and 
8-10 each contain a paragraph that states that, with respect to the 
subject matter addressed by that standard, a regulated entity should 
comply with all applicable laws, regulations, and supervisory guidance. 
The subject of regulatory compliance is also addressed in Sec.  
1239.12, which requires each entity to have a compliance program.
    With respect to each of those topics described above, FHFA requests 
comments on whether there are any direct conflicts between the 
regulations and the standards, i.e., situations in which an entity 
cannot practicably comply with both the regulation and the standard. 
FHFA also requests comments on how it should strike the balance for 
each of those topics with respect to what issues should be addressed by 
regulation and what issues should be addressed by the Prudential 
Standards. FHFA further requests comments on the content of the 
particular regulations and standards, i.e., whether the current content 
remains appropriate, as well as the structure of the regulations or 
standards, i.e., whether they should address the underlying subject 
matter through a principles-based approach or through the more 
prescriptive approach reflected in the current Finance Board 
regulations.

[[Page 4423]]

V. Paperwork Reduction Act

    The proposed regulation does not contain any information collection 
requirement that requires the approval of the Office of Management and 
Budget under the Paperwork Reduction Act (44 U.S.C. 3501 et seq.).

VI. Regulatory Flexibility Act

    The Regulatory Flexibility Act (5 U.S.C. 601 et seq.) requires an 
agency to analyze a proposed regulation's impact on small entities if 
the final rule is expected to have a significant economic impact on a 
substantial number of small entities. 5 U.S.C. 605(b). FHFA has 
considered the impact of this regulation and determined that it is not 
likely to have a significant economic impact on a substantial number of 
small entities because it applies only to the regulated entities, which 
are not small entities for purposes of the Regulatory Flexibility Act.

List of Subjects

12 CFR Part 914

    Federal Home Loan Banks, Reporting and recordkeeping requirements.

12 CFR Part 917

    Federal Home Loan Banks.

12 CFR Part 1236

    Administrative practice and procedure, Federal Home Loan Banks, 
Government-Sponsored Enterprises, Reporting and recordkeeping 
requirements.

12 CFR Part 1239

    Administrative practice and procedure, Federal Home Loan Banks, 
Government-Sponsored Enterprises, Reporting and recordkeeping 
requirements.

12 CFR Part 1710

    Administrative practice and procedure, Mortgages.

12 CFR Part 1720

    Administrative practice and procedure, Mortgages.
    Accordingly, for reasons stated in the Supplementary Information 
and under the authority of 12 U.S.C. 1426, 1427, 1432(a), 1436(a), 
1440, 4511(b), 4513(a), 4513(b), and 4526, FHFA hereby proposes to 
amend subchapter C of chapter IX, subchapter B of chapter XII, and 
subchapter C of chapter XVII of title 12 of the Code of Federal 
Regulations as follows:

CHAPTER IX--FEDERAL HOUSING FINANCE BOARD

Subchapter C--[Removed and Reserved]

0
1. Subchapter C, consisting of parts 914 and 917, is removed and 
reserved.

CHAPTER XII--FEDERAL HOUSING FINANCE AGENCY

Subchapter B--Entity Regulations

PART 1236--PRUDENTIAL MANAGEMENT AND OPERATIONS STANDARDS

0
2. The authority citation for part 1236 continues to read as follows:

    Authority: 12 U.S.C. 4511, 4513(a) and (f), 4513b, and 4526.

0
3. Amend Sec.  1236.2 by revising the definition of ``Standards'' to 
read as follows:


Sec.  1236.2  Definitions.

* * * * *
    Standards means any one or more of the prudential management and 
operations standards established by the Director pursuant to 12 U.S.C. 
4513b(a), as modified from time to time pursuant to Sec.  1236.3(b), 
including the introductory statement of general responsibilities of 
boards of directors and senior management of the regulated entities.

Appendix to Part 1236 [Amended]

0
4. Amend the appendix to part 1236 by removing the undesignated 
paragraph ``The following provisions constitute the prudential 
management and operations standards established pursuant to 12 U.S.C. 
4513b(a).'' following paragraph 10 under ``Responsibilities of the 
Board of Directors and Senior Management'' and adding it as 
introductory text to the appendix.
0
5. Part 1239 is added to read as follows:

PART 1239--RESPONSIBILITIES OF BOARDS OF DIRECTORS, CORPORATE 
PRACTICES, AND CORPORATE GOVERNANCE

Subpart A--General
Sec.
1239.1 Purpose.
1239.2 Definitions.
Subpart B--Corporate Practices and Procedures Applicable to All 
Regulated Entities
1239.3 Law applicable to corporate governance and indemnification 
practices.
1239.4 Duties and responsibilities of directors.
1239.5 Board committees.
Subpart C--Other Requirements Applicable to All Regulated Entities
1239.10 Code of conduct and ethics.
1239.11 Risk management.
1239.12 Compliance program.
1239.13 Regulatory reports.
Subpart D--Enterprise Specific Requirements
1239.20 Board of directors of the Enterprises.
1239.21 Compensation of Enterprise board members.
Subpart E--Bank Specific Requirements
1239.30 Bank member product policy.
1239.31 Strategic business plan.
1239.32 Internal control system.
1239.33 Audit committee.
1239.34 Dividends.

    Authority: 12 U.S.C. 1426, 1427, 1432(a), 1436(a), 1440, 
4511(b), 4513(a), 4513(b), and 4526.

Subpart A--General


Sec.  1239.1  Purpose.

    FHFA is responsible for supervising and ensuring the safety and 
soundness of the regulated entities. In furtherance of those 
responsibilities, this part sets forth minimum standards with respect 
to responsibilities of boards of directors, corporate practices, and 
corporate governance matters of the regulated entities.


Sec.  1239.2  Definitions.

    As used in this part (or, as otherwise noted):
    Authorizing statutes mean the Federal National Mortgage Association 
Charter Act and the Federal Home Loan Mortgage Corporation Act, which 
are codified at 12 U.S.C. 1716 through 1723i and 12 U.S.C. 1451 through 
1459, respectively, or the Bank Act, as applicable.
    Board member means a member of the board of directors of a 
regulated entity.
    Board of directors means the board of directors of a regulated 
entity.
    Business risk means the risk of an adverse impact on a regulated 
entity's profitability resulting from external factors as may occur in 
both the short and long run.
    Community financial institution has the meaning set forth in Sec.  
1263.1 of this chapter.
    Compensation means any payment of money or the provision of any 
other thing of current or potential value in connection with employment 
or service as a director.
    Credit risk is the potential that a borrower or counterparty will 
fail to meet its financial obligations in accordance with agreed terms.
    Employee means an individual, other than an executive officer, who 
works

[[Page 4424]]

part-time, full-time, or temporarily for a regulated entity.
    Executive officer means the chairperson or vice chairperson of the 
board of directors of an Enterprise; and, with respect to any regulated 
entity, the chief executive officer, chief financial officer, chief 
operating officer, president, any executive vice president, any senior 
vice president, and any individual with similar responsibilities, 
without regard to title, who is in charge of a principal business unit, 
division, or function, or who reports directly to the chairperson, vice 
chairperson, chief operating officer, or chief executive officer or 
president of a regulated entity.
    Immediate family member means a parent, sibling, spouse, child, 
dependent, or any relative sharing the same residence.
    Internal auditor means the individual responsible for the internal 
audit function at a regulated entity.
    Liquidity risk means the risk that a regulated entity will be 
unable to meet its financial obligations as they come due or meet the 
credit needs of its members and associates in a timely and cost-
efficient manner.
    Market risk means the risk that the market value, or estimated fair 
value if market value is not available, of a regulated entity's 
portfolio will decline as a result of changes in interest rates, 
foreign exchange rates, or equity or commodity prices.
    NYSE means the New York Stock Exchange.
    Operational risk means the risk of loss resulting from inadequate 
or failed internal processes, people, or systems, or from external 
events (including legal risk but excluding strategic and reputational 
risk).
    Significant deficiency means a deficiency, or a combination of 
deficiencies, in internal control that is less severe than a material 
weakness, yet important enough to merit attention by those charged with 
governance.
    SOA means the Sarbanes Oxley Act, Pub. L. 107-204 (2002).

Subpart B--Corporate Practices and Procedures Applicable to All 
Regulated Entities


Sec.  1239.3  Law applicable to corporate governance and 
indemnification practices.

    (a) General. The corporate governance practices and procedures of 
each regulated entity, and practices and procedures relating to 
indemnification (including advancement of expenses), shall comply with 
and be subject to the applicable authorizing statutes and other Federal 
law, rules, and regulations, and shall be consistent with the safe and 
sound operations of the regulated entities.
    (b) Election and designation of body of law. (1) To the extent not 
inconsistent with paragraph (a) of this section, each regulated entity 
shall elect to follow the corporate governance and indemnification 
practices and procedures set forth in one of the following:
    (i) The law of the jurisdiction in which the principal office of 
the regulated entity is located;
    (ii) The Delaware General Corporation Law (Del. Code Ann. Title 8); 
or
    (iii) The Revised Model Business Corporation Act.
    (2) Each regulated entity shall designate in its bylaws the body of 
law elected for its corporate governance and indemnification practices 
and procedures pursuant to this paragraph.
    (c) Indemnification. (1) Subject to paragraphs (a) and (b) of this 
section, to the extent applicable, a regulated entity shall indemnify 
(and advance the expenses of) its directors, officers, and employees 
under such terms and conditions as are determined by its board of 
directors. The regulated entity is authorized to maintain insurance for 
its directors and any other officer or employee.
    (2) Each regulated entity shall have in place policies and 
procedures consistent with this section for indemnification of its 
directors, officers, and employees. Such policies and procedures shall 
address how the board of directors is to approve or deny requests for 
indemnification from current and former directors, officers, and 
employees, and shall include standards relating to indemnification, 
investigations by the board of directors, and review by independent 
counsel.
    (3) Nothing in this paragraph shall affect any rights to 
indemnification (including the advancement of expenses) that a director 
or any other officer or employee had with respect to any actions, 
omissions, transactions, or facts occurring prior to the effective date 
of this paragraph.
    (4) FHFA has the authority under the Safety and Soundness Act to 
review a regulated entity's indemnification policies, procedures, and 
practices, and may limit or prohibit indemnification payments in 
furtherance of the safe and sound operations of the regulated entity.


Sec.  1239.4  Duties and responsibilities of directors.

    (a) Management of a regulated entity. The management of each 
regulated entity shall be vested in its board of directors. While 
boards of directors may delegate the execution of operational functions 
to officers and employees of the regulated entity, the ultimate 
responsibility of each entity's board of directors for that entity's 
management is non-delegable. The board of directors of a regulated 
entity is responsible for directing the conduct and affairs of the 
entity in furtherance of the safe and sound operation of the entity and 
shall remain reasonably informed of the condition, activities, and 
operations of the entity.
    (b) Duties of directors. Each director of a regulated entity shall 
have the duty to:
    (1) Carry out his or her duties as director in good faith, in a 
manner such director believes to be in the best interests of the 
regulated entity, and with such care, including reasonable inquiry, as 
an ordinarily prudent person in a like position would use under similar 
circumstances;
    (2) Administer the affairs of the regulated entity fairly and 
impartially and, for Bank directors, without discrimination in favor of 
or against any member institution;
    (3) At the time of election, or within a reasonable time 
thereafter, have a working familiarity with basic finance and 
accounting practices, including the ability to read and understand the 
regulated entity's balance sheet and income statement and to ask 
substantive questions of management and the internal and external 
auditors;
    (4) Direct the operations of the regulated entity in conformity 
with the requirements set forth in the authorizing statutes, Safety and 
Soundness Act, and this chapter; and
    (5) Adopt and maintain in effect at all times bylaws governing the 
manner in which the regulated entity administers its affairs. Such 
bylaws shall be consistent with applicable laws and regulations 
administered by FHFA, and with the body of law designated for the 
entity's corporate governance practices and procedures.
    (c) Director responsibilities. The responsibilities of the board of 
directors include having in place adequate policies and procedures to 
assure its oversight of, among other matters, the following:
    (1) The risk management and compensation programs of the regulated 
entity;
    (2) The processes for providing accurate financial reporting and 
other disclosures, and communications with stockholders; and
    (3) The responsiveness of executive officers in providing accurate 
and timely reports to FHFA and in addressing all supervisory concerns 
of

[[Page 4425]]

FHFA in a timely and appropriate manner.
    (d) Authority regarding staff and outside consultants. (1) In 
carrying out its duties and responsibilities under the authorizing 
statutes, the Safety and Soundness Act, and this chapter, each 
regulated entity's board of directors and all committees thereof shall 
have authority to retain staff and outside counsel, independent 
accountants, or other outside consultants at the expense of the 
regulated entity.
    (2) The board of directors and its committees may require that 
staff of the regulated entity that provides services to the board or 
any committee under paragraph (d)(1) of this section report directly to 
the board or such committee, as appropriate.


Sec.  1239.5  Board committees.

    (a) General. The board of directors may rely, in directing a 
regulated entity, on reports from committees of the board of directors, 
provided, however, that no committee of the board of directors shall 
have the authority of the board of directors to amend the bylaws and no 
committee shall operate to relieve the board of directors or any board 
member of a responsibility imposed by applicable law, rule, or 
regulation.
    (b) Required committees. The board of directors of each regulated 
entity shall have committees, however styled, that address each of the 
following areas of responsibility: Risk management, audit, 
compensation, and corporate governance (in the case of the Banks, 
including the nomination of independent board of director candidates, 
and, in the case of the Enterprises, including the nomination of all 
board of director candidates). The risk management committee and the 
audit committee shall not be combined with any other committees. The 
board of directors may establish any other committees that it deems 
necessary or useful to carrying out its responsibilities, subject to 
the provisions of this section. In the case of the Enterprises, board 
committees shall comply with the charter, independence, composition, 
expertise, duties, responsibilities, and other requirements set forth 
under rules issued by the NYSE, and the audit committees shall also 
comply with the requirements set forth under section 301 of the SOA.
    (c) Charter. Each committee shall adopt, and the board of directors 
of each regulated entity shall approve, a formal written charter that 
specifies the scope of a committee's powers and responsibilities, as 
well as the committee's structure, processes, and membership 
requirements.
    (d) Frequency of meetings. Each committee of the board of directors 
shall meet regularly and with sufficient frequency to carry out its 
obligations and duties under applicable laws, rules, regulations, and 
guidelines. Such a committee shall also meet with sufficient timeliness 
as necessary in light of relevant conditions and circumstances to 
fulfill its obligations and duties.

Subpart C--Other Requirements Applicable to All Regulated Entities


Sec.  1239.10  Code of conduct and ethics.

    (a) General. A regulated entity shall establish and administer a 
written code of conduct and ethics that is reasonably designed to 
assure the ability of board members, executive officers, and employees 
of the regulated entity to discharge their duties and responsibilities, 
on behalf of the regulated entity, in an objective and impartial 
manner, and that includes standards required under section 406 of the 
SOA, as amended from time to time, and other applicable laws, rules, 
and regulations.
    (b) Review. Not less often than once every three years, a regulated 
entity shall review the adequacy of its code of conduct and ethics for 
consistency with practices appropriate to the entity and make any 
appropriate revisions to such code.


Sec.  1239.11  Risk management.

    (a) Risk management program--(1) Adoption. Each regulated entity's 
board of directors shall have in effect at all times an enterprise-wide 
risk management program that establishes the regulated entity's risk 
profile, aligns the risk profile with the regulated entity's strategies 
and objectives, and addresses the regulated entity's exposure to credit 
risk, market risk, liquidity risk, business risk and operational risks 
and complies with the requirements of this part and with all applicable 
FHFA regulations and policies.
    (2) Risk profile. The board of directors and senior management 
shall ensure that the risk management program aligns the regulated 
entity's overall risk profile with its mission objectives.
    (b) Risk committee. The board of each regulated entity shall 
establish and maintain a risk committee of the board of directors that 
is responsible for oversight of enterprise-wide risk management 
practices of the regulated entity.
    (c) Risk committee structure and requirements. (1) The risk 
management program shall include:
    (i) Risk limitations appropriate to each business line of the 
regulated entity;
    (ii) Appropriate policies and procedures relating to risk 
management governance, risk management practices, and risk control 
infrastructure, and processes and systems for identifying and reporting 
risks, including emerging risks;
    (iii) Provisions for monitoring compliance with the regulated 
entity's risk limit structure and policies and procedures relating to 
risk management governance, practices, risk controls, and effective and 
timely implementation of corrective actions; and
    (iv) Provisions specifying management's authority and independence 
to carry out risk management responsibilities, and the integration of 
risk management and control objectives in management goals and 
compensation structure.
    (2) The risk committee shall:
    (i) Be chaired by a director not serving in a management capacity 
of the regulated entity;
    (ii) Have at least one member with risk management expertise that 
is commensurate with the regulated entity's capital structure, risk 
profile, complexity, activities, size, and other appropriate risk-
related factors;
    (iii) Have committee members with an understanding of risk 
management principles and practices relevant to the regulated entity;
    (iv) Have members with experience developing and applying risk 
management practices and procedures, measuring and identifying risks, 
and monitoring the testing risk controls with respect to financial 
services organizations;
    (v) Fully document and maintain records of its meetings, including 
its risk management decisions and recommendations; and
    (vi) Report directly to the board and not as part of, or combined 
with, another committee.
    (d) Risk committee responsibilities. The risk committee shall:
    (1) Be responsible for documenting and overseeing the enterprise-
wide risk management policies and practices of the regulated entity;
    (2) Review and approve an appropriate risk management program that 
is commensurate with the regulated entity's capital structure, risk 
profile, complexity, activities, size, and other appropriate risk-
related factors; and
    (3) Receive and review regular reports from the regulated entity's 
chief risk officer.
    (e) Chief Risk Officer--(1) Appointment of a chief risk officer

[[Page 4426]]

(CRO). Each regulated entity shall appoint a CRO to implement and 
maintain appropriate enterprise-wide risk management practices for the 
regulated entity.
    (2) Organizational structure of the risk management function. The 
CRO shall oversee an independent risk management function, or unit, and 
shall report directly to the risk committee and to the chief executive 
officer.
    (3) Responsibilities of the CRO. The CRO shall be responsible for 
oversight of:
    (i) Allocating delegated risk limits and monitoring compliance with 
such limits;
    (ii) Establishing appropriate policies and procedures relating to 
risk management governance, practices, and risk controls, and 
developing appropriate processes and systems for identifying and 
reporting risks, including emerging risks;
    (iii) Monitoring risk exposures and risk controls, including 
testing risk controls and verifying risk measures; and
    (iv) Reporting risk management issues and emerging risks, and 
ensuring that risk management issues are effectively resolved in a 
timely manner.
    (4) The CRO shall execute the responsibilities enumerated in 
paragraph (e)(3) of this section on an enterprise-wide basis.
    (5) The CRO should have risk management expertise that is 
commensurate with the regulated entity's capital structure, risk 
profile, complexity, activities, size, and other appropriate risk 
related factors.
    (6) The CRO shall report regularly to the risk committee and to the 
chief executive officer on the entity's compliance with, and the 
adequacy of, its current risk management policies and procedures, and 
shall recommend any adjustments to such policies and procedures that he 
or she considers necessary or appropriate.
    (7) The compensation of a regulated entity's CRO shall be 
appropriately structured to provide for an objective and independent 
assessment of the risks taken by the regulated entity.


Sec.  1239.12  Compliance program.

    A regulated entity shall establish and maintain a compliance 
program that is reasonably designed to assure that the regulated entity 
complies with applicable laws, rules, regulations, and internal 
controls. The compliance program shall be headed by a compliance 
officer, however styled, who reports directly to the chief executive 
officer. The compliance officer also shall report regularly to the 
board of directors, or an appropriate committee thereof, on the 
adequacy of the entity's compliance policies and procedures, including 
the entity's compliance with them, and shall recommend any revisions to 
such policies and procedures that he or she considers necessary or 
appropriate.


Sec.  1239.13  Regulatory reports.

    (a) Reports. Each regulated entity shall file Regulatory Reports 
with FHFA in accordance with the forms, instructions, and schedules 
issued by FHFA from time to time. If no regularly scheduled reporting 
dates are established, Regulatory Reports shall be filed as requested 
by FHFA.
    (b) Definition. For purposes of this section, the term Regulatory 
Report means any report to FHFA of information or raw or summary data 
needed to evaluate the safe and sound condition or operations of a 
regulated entity, or to determine compliance with any:
    (1) Provision in the Bank Act, Safety and Soundness Act, or other 
law, order, rule, or regulation;
    (2) Condition imposed in writing by FHFA in connection with the 
granting of any application or other request by a regulated entity; or
    (3) Written agreement entered into between FHFA and a regulated 
entity.

Subpart D--Enterprise Specific Requirements


Sec.  1239.20  Board of directors of the Enterprises.

    (a) Membership--(1) Limits on service of board members--(i) General 
requirement. No board member of an Enterprise may serve on the board of 
directors for more than 10 years or past the age of 72, whichever comes 
first; provided, however, a board member may serve his or her full term 
if he or she has served less than 10 years or is 72 years on the date 
of his or her election or appointment to the board; and
    (ii) Waiver. Upon written request of an Enterprise, the Director 
may waive, in his or her sole discretion and for good cause, the limits 
on the service of a board member under paragraph (a)(1)(i) of this 
section.
    (2) Independence of board members. A majority of seated members of 
the board of directors of an Enterprise shall be independent board 
members, as defined under rules set forth by the NYSE, as amended from 
time to time.
    (3) Segregation of duties. The position of chairperson of the board 
of directors shall be filled by a person other than the chief executive 
officer, who shall also be a director of the Enterprise that is 
independent, as defined under the rules set forth by the NYSE, as 
amended from time to time.
    (b) Meetings, quorum and proxies, information, and annual review--
(1) Frequency of meetings. The board of directors of an Enterprise 
shall meet at least eight times a year and no less than once a calendar 
quarter to carry out its obligations and duties under applicable laws, 
rules, regulations, and guidelines.
    (2) Non-management board member meetings. Non-management directors 
of an Enterprise shall meet at regularly scheduled executive sessions 
without management participation.
    (3) Quorum of board of directors; proxies not permissible. For the 
transaction of business, a quorum of the board of directors of an 
Enterprise is at least a majority of the seated board of directors and 
a board member may not vote by proxy.
    (4) Information. Management of an Enterprise shall provide a board 
member of the Enterprise with such adequate and appropriate information 
that a reasonable board member would find important to the fulfillment 
of his or her fiduciary duties and obligations.
    (5) Annual review. At least annually, the board of directors of an 
Enterprise shall review, with appropriate professional assistance, the 
requirements of laws, rules, regulations, and guidelines that are 
applicable to its activities and duties.


Sec.  1239.21  Compensation of Enterprise board members.

    Each Enterprise may pay its directors reasonable and appropriate 
compensation for the time required of them, and their necessary and 
reasonable expenses, in the performance of their duties.

Subpart E--Bank Specific Requirements


Sec.  1239.30  Bank member products policy.

    (a) Adoption and review of member products policy--(1) Adoption. 
Each Bank's board of directors shall have in effect at all times a 
policy that addresses the Bank's management of products offered by the 
Bank to members and housing associates, including but not limited to 
advances, standby letters of credit, and acquired member assets, 
consistent with the requirements of the Bank Act, paragraph (b) of this 
section, and all applicable FHFA regulations and policies.
    (2) Review and compliance. Each Bank's board of directors shall:
    (i) Review the Bank's member products policy annually;

[[Page 4427]]

    (ii) Amend the member products policy as appropriate; and
    (iii) Re-adopt the member products policy, including interim 
amendments, not less often than every three years.
    (b) Member products policy requirements. In addition to meeting any 
other requirements set forth in this chapter, each Bank's member 
products policy shall:
    (1) Address credit underwriting criteria to be applied in 
evaluating applications for advances, standby letters of credit, and 
renewals;
    (2) Address appropriate levels of collateralization, valuation of 
collateral and discounts applied to collateral values for advances, and 
standby letters of credit;
    (3) Address advances-related fees to be charged by each Bank, 
including any schedules or formulas pertaining to such fees;
    (4) Address standards and criteria for pricing member products, 
including differential pricing of advances pursuant to Sec.  
1266.5(b)(2) of this chapter, and criteria regarding the pricing of 
standby letters of credit, including any special pricing provisions for 
standby letters of credit that facilitate the financing of projects 
that are eligible for any of the Banks' CICA programs under part 1292 
of this chapter;
    (5) Provide that, for any draw made by a beneficiary under a 
standby letter of credit, the member will be charged a processing fee 
calculated in accordance with the requirements of Sec.  1271.6(b) of 
this chapter;
    (6) Address the maintenance of appropriate systems, procedures and 
internal controls; and
    (7) Address the maintenance of appropriate operational and 
personnel capacity.


Sec.  1239.31  Strategic business plan.

    (a) Adoption of strategic business plan. Each Bank's board of 
directors shall have in effect at all times a strategic business plan 
that describes how the business activities of the Bank will achieve the 
mission of the Bank consistent with part 1265 of this chapter. 
Specifically, each Bank's strategic business plan shall:
    (1) Enumerate operating goals and objectives for each major 
business activity and for all new business activities, which must 
include plans for maximizing activities that further the Bank's housing 
finance and community lending mission, consistent with part 1265 of 
this chapter;
    (2) Discuss how the Bank will address credit needs and market 
opportunities identified through ongoing market research and 
consultations with members, associates, and public and private 
organizations;
    (3) Establish quantitative performance goals for Bank products 
related to multi-family housing, small business, small farm and small 
agri-business lending;
    (4) Describe any proposed new business activities or enhancements 
of existing activities; and
    (5) Be supported by appropriate and timely research and analysis of 
relevant market developments and member and associate demand for Bank 
products and services.
    (b) Review and monitoring. Each Bank's board of directors shall:
    (1) Review the Bank's strategic business plan at least annually;
    (2) Re-adopt the Bank's strategic business plan, including interim 
amendments, not less often than every three years; and
    (3) Establish management reporting requirements and monitor 
implementation of the strategic business plan and the operating goals 
and objectives contained therein.
    (c) Report to FHFA. Each Bank shall submit to FHFA annually a 
report analyzing and describing the Bank's performance in achieving the 
goals described in paragraph (a)(3) of this section.


Sec.  1239.32  Internal control system.

    (a) Establishment and maintenance. (1) Each Bank shall establish 
and maintain an effective internal control system that addresses:
    (i) The efficiency and effectiveness of Bank activities;
    (ii) The safeguarding of Bank assets;
    (iii) The reliability, completeness, and timely reporting of 
financial and management information, and transparency of such 
information to the Bank's board of directors and to FHFA; and
    (iv) Compliance with applicable laws, regulations, policies, 
supervisory determinations, and directives of the Bank's board of 
directors and senior management.
    (2) Ongoing internal control activities necessary to maintain the 
internal control system required under paragraph (a)(1) of this section 
shall include, but are not limited to:
    (i) Top level reviews by the Bank's board of directors and senior 
management, including review of financial presentations and performance 
reports;
    (ii) Activity controls, including review of standard performance 
and exception reports by department-level management on an appropriate 
periodic basis;
    (iii) Physical and procedural controls to safeguard, and prevent 
the unauthorized use of, assets;
    (iv) Monitoring for compliance with the risk tolerance limits set 
forth in the Bank's risk management policy;
    (v) Any required approvals and authorizations for specific 
activities; and
    (vi) Any required verifications and reconciliations for specific 
activities.
    (b) Internal control responsibilities of Banks' boards of 
directors. Each Bank's board of directors shall ensure that the 
internal control system required under paragraph (a)(1) of this section 
is established and maintained, and shall oversee senior management's 
implementation of such a system on an ongoing basis, by:
    (1) Conducting periodic discussions with senior management 
regarding the effectiveness of the internal control system;
    (2) Ensuring that an internal audit of the internal control system 
is performed annually and that such annual audit is reasonably designed 
to be effective and comprehensive;
    (3) Requiring that internal control deficiencies be reported to the 
Bank's board of directors in a timely manner and that such deficiencies 
are addressed promptly;
    (4) Conducting a timely review of evaluations of the effectiveness 
of the internal control system made by internal auditors, external 
auditors, and FHFA examiners;
    (5) Directing senior management to address promptly and effectively 
recommendations and concerns expressed by internal auditors, external 
auditors, and FHFA examiners regarding weaknesses in the internal 
control system;
    (6) Reporting any internal control deficiencies found, and the 
corrective action taken, to FHFA in a timely manner;
    (7) Establishing, documenting, and communicating an organizational 
structure that clearly shows lines of authority within the Bank, 
provides for effective communication throughout the Bank, and ensures 
that there are no gaps in the lines of authority;
    (8) Reviewing all delegations of authority to specific personnel or 
committees and requiring that such delegations state the extent of the 
authority and responsibilities delegated; and
    (9) Establishing reporting requirements, including specifying the 
nature and frequency of reports it receives.
    (c) Internal control responsibilities of Banks' senior management. 
Each Bank's

[[Page 4428]]

senior management shall be responsible for carrying out the directives 
of the Bank's board of directors, including the establishment, 
implementation, and maintenance of the internal control system required 
under paragraph (a)(1) of this section, by:
    (1) Establishing, implementing, and effectively communicating to 
Bank personnel policies and procedures that are adequate to ensure that 
internal control activities necessary to maintain an effective internal 
control system, including the activities enumerated in paragraph (a)(2) 
of this section, are an integral part of the daily functions of all 
Bank personnel;
    (2) Ensuring that all Bank personnel fully understand and comply 
with all policies, procedures, and legal requirements applicable to 
their positions and responsibilities;
    (3) Ensuring that there is appropriate segregation of duties among 
Bank personnel and that personnel are not assigned conflicting 
responsibilities;
    (4) Establishing effective paths of communication upward, downward, 
and across the organization in order to ensure that Bank personnel 
receive necessary and appropriate information, including:
    (i) Information relating to the operational policies and procedures 
of the Bank;
    (ii) Information relating to the actual operational performance of 
the Bank;
    (iii) Adequate and comprehensive internal financial, operational, 
and compliance data; and
    (iv) External market information about events and conditions that 
are relevant to decision making;
    (5) Developing and implementing procedures that translate the major 
business strategies and policies established by the Bank's board of 
directors into operating standards;
    (6) Ensuring adherence to the lines of authority and responsibility 
established by the Bank's board of directors;
    (7) Overseeing the implementation and maintenance of management 
information and other systems;
    (8) Establishing and implementing an effective system to track 
internal control weaknesses and the actions taken to correct them; and
    (9) Monitoring and reporting to the Bank's board of directors the 
effectiveness of the internal control system on an ongoing basis.


Sec.  1239.33  Audit committee.

    (a) Establishment. The audit committee of each Bank established as 
required by Sec.  1239.5(b) of this chapter, shall be consistent with 
the requirements set forth in this section.
    (b) Composition. (1) The audit committee shall comprise five or 
more persons drawn from the Bank's board of directors, each of whom 
shall meet the criteria of independence set forth in paragraph (c) of 
this section.
    (2) The audit committee shall include a balance of representatives 
of:
    (i) Community financial institutions and other members; and
    (ii) Independent and member directors of the Bank.
    (3) The terms of audit committee members shall be appropriately 
staggered so as to provide for continuity of service.
    (4) At least one member of the audit committee shall have extensive 
accounting or related financial management experience.
    (c) Independence. Any member of the Bank's board of directors shall 
be considered to be sufficiently independent to serve as a member of 
the audit committee if that director does not have a disqualifying 
relationship with the Bank or its management that would interfere with 
the exercise of that director's independent judgment. Such 
disqualifying relationships include, but are not limited to:
    (1) Being employed by the Bank in the current year or any of the 
past five years;
    (2) Accepting any compensation from the Bank other than 
compensation for service as a board director;
    (3) Serving or having served in any of the past five years as a 
consultant, advisor, promoter, underwriter, or legal counsel of or to 
the Bank; or
    (4) Being an immediate family member of an individual who is, or 
has been in any of the past five years, employed by the Bank as an 
executive officer.
    (d) Charter. (1) The audit committee and the board of directors of 
each Bank shall:
    (i) Review, and assess the adequacy of, the Bank's audit committee 
charter on an annual basis;
    (ii) Amend the audit committee charter as appropriate; and
    (iii) Re-adopt and re-approve, respectively, the Bank's audit 
committee charter not less often than every three years.
    (2) Each Bank's audit committee charter shall:
    (i) Provide that the audit committee has the responsibility to 
select, evaluate and, where appropriate, replace the internal auditor 
and that the internal auditor may be removed only with the approval of 
the audit committee;
    (ii) Provide that the internal auditor shall report directly to the 
audit committee on substantive matters and that the internal auditor is 
ultimately accountable to the audit committee and board of directors; 
and
    (iii) Provide that both the internal auditor and the external 
auditor shall have unrestricted access to the audit committee without 
the need for any prior management knowledge or approval.
    (e) Duties. Each Bank's audit committee shall have the duty to:
    (1) Direct senior management to maintain the reliability and 
integrity of the accounting policies and financial reporting and 
disclosure practices of the Bank;
    (2) Review the basis for the Bank's financial statements and the 
external auditor's opinion rendered with respect to such financial 
statements (including the nature and extent of any significant changes 
in accounting principles or the application therein) and ensure that 
policies are in place that are reasonably designed to achieve 
disclosure and transparency regarding the Bank's true financial 
performance and governance practices;
    (3) Oversee the internal audit function by:
    (i) Reviewing the scope of audit services required, significant 
accounting policies, significant risks and exposures, audit activities, 
and audit findings;
    (ii) Assessing the performance and determining the compensation of 
the internal auditor; and
    (iii) Reviewing and approving the internal auditor's work plan.
    (4) Oversee the external audit function by:
    (i) Approving the external auditor's annual engagement letter;
    (ii) Reviewing the performance of the external auditor; and
    (iii) Making recommendations to the Bank's board of directors 
regarding the appointment, renewal, or termination of the external 
auditor;
    (5) Provide an independent, direct channel of communication between 
the Bank's board of directors and the internal and external auditors;
    (6) Conduct or authorize investigations into any matters within the 
audit committee's scope of responsibilities;
    (7) Ensure that senior management has established and is 
maintaining an adequate internal control system within the Bank by:
    (i) Reviewing the Bank's internal control system and the resolution 
of identified material weaknesses and significant deficiencies in the 
internal control system, including the prevention or detection of 
management override or compromise of the internal control system; and

[[Page 4429]]

    (ii) Reviewing the programs and policies of the Bank designed to 
ensure compliance with applicable laws, regulations and policies, and 
monitoring the results of these compliance efforts;
    (8) Review the policies and procedures established by senior 
management to assess and monitor implementation of the Bank's strategic 
business plan and the operating goals and objectives contained therein; 
and
    (9) Report periodically its findings to the Bank's board of 
directors.
    (f) Meetings. The audit committee shall prepare written minutes of 
each audit committee meeting.


Sec.  1239.34  Dividends.

    A Bank's board of directors may not declare or pay a dividend based 
on projected or anticipated earnings and may not declare or pay a 
dividend if the par value of the Bank's stock is impaired or is 
projected to become impaired after paying such dividend.

CHAPTER XVII--OFFICE OF FEDERAL HOUSING ENTERPRISE OVERSIGHT, 
DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT

Subchapter C--Safety and Soundness

PART 1710--[REMOVED]

0
6. Remove part 1710.

PART 1720--[REMOVED]

0
7. Remove part 1720.

    Dated: January 15, 2014.
Melvin L. Watt,
Director, Federal Housing Finance Agency.
[FR Doc. 2014-01173 Filed 1-27-14; 8:45 am]
BILLING CODE 8070-01-P