Interagency Statement on Sound Practices Concerning Elevated Risk Complex Structured Finance Activities, 1372-1380 [07-55]

Agencies

• FEDERAL DEPOSIT INSURANCE CORPORATION
• FEDERAL RESERVE SYSTEM
• SECURITIES AND EXCHANGE COMMISSION
• Office of the Comptroller of the Currency
• DEPARTMENT OF THE TREASURY
• Office of Thrift Supervision
• Comptroller of the Currency

[Federal Register Volume 72, Number 7 (Thursday, January 11, 2007)]
[Notices]
[Pages 1372-1380]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 07-55]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

[Docket No. 06-17]

Office of Thrift Supervision

[Docket No. 2006-55]

FEDERAL RESERVE SYSTEM

[Docket No. OP-1254]

FEDERAL DEPOSIT INSURANCE CORPORATION

SECURITIES AND EXCHANGE COMMISSION

[Release No. 34-55043; File No. S7-08-06]


Interagency Statement on Sound Practices Concerning Elevated Risk 
Complex Structured Finance Activities

AGENCIES: Office of the Comptroller of the Currency, Treasury 
(``OCC''); Office of Thrift Supervision, Treasury (``OTS''); Board of 
Governors of the Federal Reserve System (``Board''); Federal Deposit 
Insurance Corporation (``FDIC''); and Securities and Exchange 
Commission (``SEC'') (collectively, the ``Agencies'').

ACTION: Notice of final interagency statement.

-----------------------------------------------------------------------

SUMMARY: The Agencies are adopting an Interagency Statement on Sound 
Practices Concerning Elevated Risk Complex Structured Finance 
Activities (``Final Statement''). The Final Statement pertains to 
national banks, state banks, bank holding companies (other than foreign 
banks), federal and state savings associations, savings and loan 
holding companies, U.S. branches and agencies of foreign banks, and 
SEC-registered broker-dealers and investment advisers (collectively, 
``financial institutions'' or ``institutions'') engaged in complex 
structured finance transactions (``CSFTs''). In May 2004, the Agencies 
issued and requested comment on a proposed interagency statement 
(``Initial Proposed Statement''). After reviewing the comments received 
on the Initial Proposed Statement, the Agencies in May 2006 issued and 
requested comment on a revised proposed interagency statement 
(``Revised Proposed Statement''). The modifications to the Revised 
Proposed Statement, among other things, made the statement more 
principles-based and focused on the identification, review and approval 
process for those CSFTs that may pose heightened levels of legal or 
reputational risk to the relevant institution (referred to as 
``elevated risk CSFTs''). After carefully reviewing the comments on the 
Revised Proposed Statement, the Agencies have adopted the Final 
Statement with minor modifications designed to clarify, but not alter, 
the principles set forth in the Revised Proposed Statement. The Final 
Statement describes some of the internal controls and risk management 
procedures that may help financial institutions identify, manage, and 
address the heightened reputational and legal risks that may arise from 
elevated risk CSFTs. As discussed further below, the Final Statement 
will not affect or apply to the vast majority of financial 
institutions, including most small institutions, nor does it create any 
private rights of action.

EFFECTIVE DATE: The Final Statement is effective January 11, 2007.

FOR FURTHER INFORMATION CONTACT:
    OCC: Kathryn E. Dick, Deputy Comptroller, Credit and Market Risk, 
(202) 874-4660; Grace E. Dailey, Deputy Comptroller, Large Bank 
Supervision, (202) 874-4610; or Ellen Broadman, Director, Securities 
and Corporate Practices Division, (202) 874-5210, Office of the 
Comptroller of the Currency, 250 E Street, SW., Washington, DC 20219.
    OTS: Fred J. Phillips-Patrick, Director, Credit Policy, (202) 906-
7295, and Deborah S. Merkle, Project Manager, Credit Policy, (202) 906-
5688, Examinations and Supervision Policy; or David A. Permut, Senior 
Attorney, Business Transactions Division, (202) 906-7505, Office of 
Thrift Supervision, 1700 G Street, NW., Washington, DC 20552.
    Board: Sabeth I. Siddique, Assistant Director, (202) 452-3861, or 
Virginia Gibbs, Senior Supervisory Financial Analyst, (202) 452-2521, 
Division of Banking Supervision and Regulation; or Kieran J. Fallon, 
Assistant General Counsel, (202) 452-5270, or Anne B. Zorc, Senior 
Attorney, (202) 452-3876, Legal Division, Board of Governors of the 
Federal Reserve System, 20th Street and Constitution Avenue, NW., 
Washington, DC 20551. Users of Telecommunication Device for Deaf (TTD) 
only, call (202) 263-4869.
    FDIC: Jason C. Cave, Associate Director, (202) 898-3548; Division 
of Supervision and Consumer Protection; or Mark G. Flanigan, Counsel, 
Supervision and Legislation Branch, Legal Division, (202) 898-7426, 
Federal Deposit Insurance Corporation, 550 17th Street, NW., 
Washington, DC 20429.
    SEC: Mary Ann Gadziala, Associate Director, Office of Compliance 
Inspections and Examinations, (202) 551-6207; Catherine McGuire, Chief 
Counsel, Linda Stamp Sundberg, Senior Special Counsel (Banking and 
Derivatives), or Randall W. Roy, Branch Chief, Division of Market 
Regulation, (202) 551-5550, Securities and Exchange Commission, 100 F 
Street, NE., Washington, DC 20549.

SUPPLEMENTARY INFORMATION:

I. Background

    Financial markets have grown rapidly over the past decade, and 
innovations in financial instruments have facilitated the structuring 
of cash flows and allocation of risk among creditors, borrowers, and 
investors in more efficient ways. Financial derivatives for market and 
credit risk, asset-backed securities with customized cash flow 
features, specialized financial conduits that manage pools of assets, 
and other types of structured finance transactions serve important 
purposes, such as diversifying risk, allocating cash flows and reducing 
cost of capital. As a result, structured finance transactions, 
including the more complex variations of these transactions, now are an 
essential part of U.S. and international capital markets.
    When a financial institution participates in a CSFT, it bears the 
usual market, credit, and operational risks associated with the 
transaction. In some circumstances, a financial institution also may 
face heightened legal or reputational risks due to its involvement in a 
CSFT. For example, a financial institution involved in a CSFT may face 
heightened legal or reputational risk if the customer's regulatory, tax 
or accounting treatment for the CSFT, or disclosures concerning the 
CSFT in its public filings or financial statements, do not comply with 
applicable laws, regulations or accounting principles.\1\
---------------------------------------------------------------------------

    \1\ For a memorandum on the potential liability of a financial 
institution for securities laws violations arising from 
participation in a CSFT, see Letter from Annette L. Nazareth, 
Director, Division of Market Regulation, Securities and Exchange 
Commission, to Richard Spillenkothen and Douglas W. Roeder, dated 
December 4, 2003 (available at https://www.federalreserve.gov/
boarddocs/srletters/2004/ and https://www.occ.treas.gov).
---------------------------------------------------------------------------

    In some cases, certain CSFTs appear to have been used in illegal 
schemes

[[Page 1373]]

that misrepresented the financial condition of public companies to 
investors and regulatory authorities. After conducting investigations, 
the OCC, Federal Reserve System and SEC took strong and coordinated 
civil and administrative enforcement actions against certain financial 
institutions that engaged in CSFTs that appeared to have been designed 
or used to shield their customers' true financial health from the 
public. These actions involved the assessment of significant financial 
penalties on the institutions and required the institutions to take 
several measures to strengthen their risk management procedures for 
CSFTs.\2\ The complex structured finance relationships involving these 
financial institutions also sparked an investigation by the Permanent 
Subcommittee on Governmental Affairs of the United States Senate,\3\ as 
well as numerous lawsuits by private litigants.
---------------------------------------------------------------------------

    \2\ See, e.g., In the Matter of Citigroup, Inc., Securities 
Exchange Act Release No. 48230 (July 28, 2003), Written Agreement by 
and between Citibank, N.A. and the Office of the Comptroller of the 
Currency, No. 2003-77 (July 28, 2003) (pertaining to transactions 
entered into by Citibank, N.A. with Enron Corp.) and Written 
Agreement by and between Citigroup, Inc. and the Federal Reserve 
Bank of New York, dated July 28, 2003 (pertaining to transactions 
involving Citigroup Inc. and its subsidiaries and Enron Corp. and 
Dynegy Inc.); SEC v. J.P. Morgan Chase, SEC Litigation Release No. 
18252 (July 28, 2003) and Written Agreement by and among J.P. Morgan 
Chase & Co., the Federal Reserve Bank of New York, and the New York 
State Banking Department, dated July 28, 2003 (pertaining to 
transactions involving J.P. Morgan Chase & Co. and its subsidiaries 
and Enron Corp.).
    \3\ See Fishtail, Bacchus, Sundance, and Slapshot: Four Enron 
Transactions Funded and Facilitated by U.S. Financial Institutions, 
Report Prepared by the Permanent Subcomm. on Investigations, Comm. 
on Governmental Affairs, United States Senate, S. Rpt. 107-82 
(2003).
---------------------------------------------------------------------------

    The OCC, Federal Reserve System and SEC also conducted special 
reviews of several large financial institutions engaged in CSFTs, and 
the Agencies have focused attention on the CSFT activities of financial 
institutions in the normal course of the supervisory process. These 
reviews and activities indicate that many of the large financial 
institutions engaged in CSFTs have taken meaningful steps in recent 
years to improve their control infrastructure relating to CSFTs.

II. Initial and Revised Proposed Statements

    To assist financial institutions in identifying, managing, and 
addressing the risks that may be associated with CSFTs, the Agencies 
developed and requested public comment on the Initial Proposed 
Statement.\4\ The Initial Proposed Statement described the types of 
policies and procedures that a financial institution engaged in CSFTs 
should have in place to allow the institution to identify, document, 
evaluate, and control the full range of credit, market, operational, 
legal, and reputational risks that may arise from CSFTs. The agencies 
collectively received comments from more than 40 commenters on the 
Initial Proposed Statement. Although commenters generally supported the 
Agencies' efforts to describe the types of risk management procedures 
and internal controls that may help institutions manage the risks 
associated with CSFTs, virtually all of the commenters recommended 
changes to the Initial Proposed Statement.
---------------------------------------------------------------------------

    \4\ See 69 FR 28980, May 19, 2004.
---------------------------------------------------------------------------

    After carefully reviewing the comments on the Initial Proposed 
Statement, the Agencies issued and requested comment on a Revised 
Proposed Statement.\5\ The Revised Proposed Statement was modified in 
numerous respects to clarify the purpose, scope and effect of the 
statement; make the statement more risk-focused and principles based; 
and focus the statement on those CSFTs that may pose elevated levels of 
legal or reputational risk to the relevant institution.\6\
---------------------------------------------------------------------------

    \5\ See 71 FR 28326, May 16, 2006.
    \6\ A more detailed summary of the comments on the Initial 
Proposed Statement, as well as the changes made in response to those 
comments, is contained in the Federal Register notice accompanying 
the Revised Proposed Statement (71 FR 28326, 28328-29 (May 16, 
2006)).
---------------------------------------------------------------------------

III. Overview of Comments on the Revised Proposed Statement

    The Agencies collectively received written comments from 19 
commenters on the Revised Proposed Statement, although many commenters 
submitted identical comments to multiple Agencies. Commenters included 
banking organizations, financial services trade associations, and 
individuals. Commenters generally expressed strong support for the 
Revised Proposed Statement, including its principles-based structure 
and focus on elevated risk CSFTs. Many commenters also asserted that 
the Revised Proposed Statement provides a financial institution 
appropriate flexibility to develop internal controls and risk 
management procedures that are tailored to the institution's own 
business activities and organizational structure.
    Several commenters requested that the Agencies clarify or revise 
the Revised Proposed Statement in certain respects. For example, some 
commenters asked the Agencies to further streamline the provisions in 
the statement pertaining to documentation of elevated risk CSFTs, or 
clarify how the U.S. branches or agencies of foreign banks might 
implement risk management systems, policies or controls consistent with 
the statement's principles. In addition, some commenters asked the 
Agencies to set forth or clarify the legal standards governing the 
potential liability of financial institutions for CSFTs or provide 
``safe harbors'' from such potential liability. One group of commenters 
also argued that the Revised Proposed Statement should not be 
implemented because it allegedly would encourage or condone illegal 
conduct by financial institutions. The comments received on the Revised 
Proposed Statement are further discussed below.

IV. Overview of Final Statement

    After carefully reviewing the comments on the Revised Proposed 
Statement, the Agencies have made minor modifications to the Revised 
Proposed Statement in response to comments and to clarify the 
principles, scope, and intent of the Final Statement. The Final 
Statement has been adopted as supervisory guidance by the Board, OCC, 
FDIC and OTS and as a policy statement by the SEC. The Agencies will 
use the Final Statement going forward in reviewing the internal 
controls and risk management policies, procedures and systems of 
financial institutions engaged in CSFTs as part of the Agencies' 
ongoing supervisory process.
    The Agencies continue to believe that it is important for a 
financial institution engaged in CSFTs to have policies and procedures 
that are designed to allow the institution to effectively manage and 
address the full range of risks associated with its CSFT activities, 
including the elevated legal or reputational risks that may arise in 
connection with certain CSFTs. For this reason, the Final Statement 
describes the types of risk management principles that the Agencies 
believe may help a financial institution to identify elevated risk 
CSFTs and to evaluate, manage, and address these risks within the 
institution's internal control framework.\7\ These policies and 
procedures should, among other things, be designed to allow the 
institution to identify elevated risk CSFTs during its

[[Page 1374]]

transaction and new product approval processes, and should provide for 
elevated risk CSFTs to be reviewed by appropriate levels of control and 
management personnel at the institution, including personnel from 
control areas that are independent of the business line(s) involved in 
the transaction.
---------------------------------------------------------------------------

    \7\ As noted in the Final Statement, financial institutions are 
encouraged to refer to other supervisory guidance and materials 
prepared by the Agencies for further information concerning market, 
credit and operational risk, as well as for further information on 
legal and reputational risk, internal audit and internal controls.
---------------------------------------------------------------------------

    The Final Statement--like the Revised Proposed Statement--applies 
to financial institutions that are engaged in CSFT activities and 
focuses on those CSFTs that may create heightened levels of legal or 
reputational risks for a participating financial institution. Because 
CSFTs typically are conducted by a limited number of large financial 
institutions, the Final Statement will not affect or apply to the vast 
majority of financial institutions, including most small institutions.
    As the Final Statement recognizes, structured finance transactions 
encompass a broad array of products with varying levels of complexity. 
Most structured finance transactions, such as standard public mortgage-
backed securities and hedging-type transactions involving ``plain 
vanilla'' derivatives or collateralized debt obligations, are familiar 
to participants in the financial markets, have well-established track 
records, and typically would not be considered CSFTs for purposes of 
the Final Statement. Some commenters requested that the Agencies 
provide a more extensive list of structured finance transactions that 
typically would not be considered CSFTs. The Agencies note that the 
types of non-complex transactions listed in the Final Statement are 
only examples of the types of transactions that typically would not be 
considered CSFTs and that any list of examples would not, and could 
not, be all inclusive given the changing nature of the structured 
finance market. Consistent with the principles-based approach of the 
Final Statement, the Agencies believe the statement appropriately 
highlights the hallmarks of a non-complex transaction--i.e., a well 
established track record and familiarity to participants in the 
financial markets--that may guide institutions and examiners in 
considering whether a particular type of transaction should be 
considered a CSFT now or in the future.

A. Identification, Due Diligence, and Approval Processes for Elevated 
Risk CSFTs

    As noted above, a financial institution should establish and 
maintain policies, procedures and systems that are designed to identify 
elevated risk CSFTs as part of the institution's transaction or new 
product approval processes, and to ensure that transactions or new 
products identified as elevated risk CSFTs are subject to heightened 
review.\8\ In general, a financial institution should conduct the level 
and amount of due diligence for an elevated risk CSFT that is 
commensurate with the level of risks identified. A financial 
institution's policies and procedures should provide that CSFTs 
identified as potentially having elevated legal or reputational risk 
are reviewed and approved by appropriate levels of management. The 
Agencies continue to believe that the designated approval process for 
elevated risk CSFTs should include the institution's representatives 
from the relevant business line(s) and/or client relationship 
management, as well as from appropriate control areas that are 
independent of the business line(s) involved in the transaction. An 
institution's policies should provide that new complex structured 
finance products receive the approval of all relevant control areas 
that are independent of the profit center before the product is offered 
to customers.\9\
---------------------------------------------------------------------------

    \8\ In response to comments, the Agencies have modified the 
Final Statement to clarify that a U.S. branch or agency of a foreign 
bank is not necessarily expected to establish or adopt separate 
U.S.-based risk management structures or policies for its CSFT 
activities. In addition, the Agencies believe the Final Statement 
provides U.S. branches and agencies of foreign banks sufficient 
flexibility to develop controls, risk management and reporting 
structures, and lines of authority that are consistent with the 
internal management structure of U.S. branches and agencies. 
However, the risk management structure and policies used by a U.S. 
branch or agency, whether adopted or implemented on a group-wide or 
stand-alone basis, should be effective in allowing the branch or 
agency to manage the risks associated with its CSFT activities.
    \9\ One commenter sought clarification regarding when during the 
new product approval process a new complex structured finance 
product should receive the approval of relevant control areas. The 
Agencies note that the Final Statement is not intended to prevent 
institutions from engaging in initial or preliminary discussions or 
negotiations with potential customers about a new complex structured 
finance product. However, an institution should obtain the necessary 
approvals for a new complex structured finance product from 
appropriate control areas before the institution enters into, or 
becomes obligated to enter into, a transaction with the customer.
---------------------------------------------------------------------------

    The Final Statement--like the Revised Proposed Statement--provides 
examples of transactions that may warrant additional scrutiny by an 
institution. These examples include, among other things, transactions 
that appear to the institution to:
     Lack economic substance or business purpose;
     Be designed or used primarily for questionable accounting, 
regulatory, or tax objectives, particularly when the transactions are 
executed at year-end or at the end of a reporting period for the 
customer; or
     Raise concerns that the client will report or disclose the 
transaction in its public filings or financial statements in a manner 
that is materially misleading or inconsistent with the substance of the 
transaction or applicable regulatory or accounting requirements.
    A few commenters contended that the examples of elevated risk CSFTs 
contained in the Revised Proposed Statement have characteristics that 
are signals, if not conclusive proof, of fraudulent activity, and 
recommended that the Agencies inform financial institutions that 
transactions or products with any of these characteristics should be 
considered presumptively prohibited. The commenters also argued that 
the statement encourages or condones illegal conduct by financial 
institutions. The Agencies believe that CSFTs that initially appear to 
an institution, during the ordinary course of its new product or 
transaction approval process, to have one or more of the 
characteristics identified in the Final Statement should generally be 
identified as an elevated risk CSFT, and the institution should conduct 
due diligence for the transaction that is commensurate with the level 
of identified, potential risks. The Agencies, however, do not believe 
it is appropriate to provide that all transactions initially identified 
as potentially creating elevated legal or reputational risks for an 
institution should be considered presumptively prohibited. For example, 
an institution, after conducting additional due diligence for a 
transaction initially identified as an elevated risk CSFT, may 
determine that the transaction does not, in fact, have the 
characteristics that initially triggered the review. Alternatively, the 
institution may take steps to address the legal or reputational risks 
that initially triggered the review. In this regard, the Final 
Statement expressly provides that, if after evaluating an elevated risk 
CSFT, a financial institution determines that its participation in the 
transaction would create significant legal or reputational risks for 
the institution, the financial institution should take appropriate 
steps to manage and address these risks. Such steps may include 
modifying the transaction or conditioning the institution's 
participation in the transaction upon the receipt of representations or 
assurances from the customer that reasonably address the heightened 
risks presented by the transaction.
    Importantly, the Final Statement continues to provide that a 
financial

[[Page 1375]]

institution should decline to participate in an elevated risk CSFT if, 
after conducting appropriate due diligence and taking appropriate steps 
to address the risks from the transaction, the institution determines 
that the transaction presents unacceptable risks to the institution or 
would result in a violation of applicable laws, regulations or 
accounting principles.\10\ The Final Statement also expressly notes 
that financial institutions must conduct their activities in accordance 
with applicable statutes and regulations. The Agencies believe the 
Final Statement should assist financial institutions engaged in CSFTs 
in managing the risks associated with these activities and complying 
with the law, and does not, as some commenters alleged, encourage or 
condone illegal conduct.
---------------------------------------------------------------------------

    \10\ Some commenters asked the Agencies to clarify that the 
Final Statement does not necessarily prevent a financial institution 
from proceeding with a CSFT simply because there may be some 
ambiguity in how the transaction might be viewed under the law or 
applicable accounting principles. The Agencies recognize that in 
certain circumstances ambiguities may exist as to how the law or 
accounting principles apply to a CSFT, particularly in light of the 
inherent complexity and rapidly evolving nature of CSFTs. 
Nevertheless, as discussed in the Final Statement, a financial 
institution should maintain strong and effective processes and 
controls designed to determine whether any such ambiguities may 
create significant legal or reputational risks for the institution 
and to manage and address those risks as appropriate.
---------------------------------------------------------------------------

    Some commenters also requested that the Agencies enunciate, clarify 
or modify the legal standards governing the potential liability of a 
financial institution for participating in a CSFT that is used for 
fraudulent or illegal purposes. For example, some commenters asked the 
Agencies to declare that institutions do not have a duty to ensure the 
accuracy of a client's public filings or accounting. Other commenters 
asked that the Agencies state that an institution will not be held 
liable or responsible for a CSFT if the institution has a reasonable 
degree of confidence that the customer will report or account for the 
transactions properly. Other commenters expressed concern that the 
Revised Proposed Statement, or the comments submitted on that document, 
attempted to alter the current legal standards under which a financial 
institution may be held liable for fraudulent activity or criminally 
responsible under the Federal securities law or other laws.
    As events in recent years have highlighted, institutions may in 
certain circumstances bear significant legal or reputational risk from 
participating in a CSFT. In light of these risks, the Final Statement 
describes the types of risk management systems and internal controls 
that may help a financial institution engaged in CSFTs to identify 
those CSFTs that may pose heightened legal or reputational risk to the 
institution, and to evaluate, manage, and address those risks. Because 
the Final Statement represents guidance on the part of the Banking 
Agencies and a policy statement on the part of the SEC, it does not, by 
itself, establish any legally enforceable requirements or obligations. 
Moreover, as the Final Statement expressly provides, it does not create 
any private rights of action, nor does it alter or expand the legal 
duties and obligations that a financial institution may have to a 
customer, its shareholders or other parties under applicable law. 
Accordingly, the Agencies do not believe it is appropriate or possible 
to address in the Final Statement these legal concerns expressed by 
commenters.

B. Documentation

    The Final Statement states that a financial institution should 
create and collect sufficient documentation to, among other things, 
verify that the institution's policies and procedures related to 
elevated risk CSFTs are being followed and allow the internal audit 
function to monitor compliance with those policies and procedures. The 
Final Statement also provides that, when an institution's policies and 
procedures require an elevated risk CSFT to be submitted for approval 
to senior management, the institution should maintain the transaction-
related documentation provided to senior management as well as other 
documentation that reflect management's approval (or disapproval) of 
the transaction, any conditions imposed by senior management, and the 
reasons for such action.
    Several commenters strongly suggested that the Agencies should 
eliminate or modify the portions of the statement that provide for a 
financial institution to maintain certain documentation related to 
elevated risk CSFTs that are submitted to the institution's senior 
management for approval (or denial). For example, some commenters 
argued that institutions should not be required to maintain any 
documentation for declined transactions. Other commenters expressed 
concern that this provision was inconsistent with the current practice 
of financial institutions, would require financial institutions to 
create new and potentially extensive documentation to memorialize all 
aspects of the institution's analytical and decision-making process 
with respect to an elevated risk CSFT, or would require institutions to 
create or maintain extensive documentation even for transactions that 
are approved or rejected by junior staff.
    As an initial matter, the Agencies note that the Final Statement's 
provisions regarding documentation for elevated risk CSFTs submitted to 
senior management for approval (or disapproval) do not apply to 
transactions that may be reviewed and acted on by more junior personnel 
in accordance with the institution's policies and procedures. Rather, 
these provisions apply only to those elevated risk CSFTs that are 
identified by the institution as potentially involving the greatest 
degree of risk to the institution and, for this reason, are required to 
be reviewed by the institution's senior management. The Agencies 
believe that it is important for institutions to maintain documentation 
for this category of elevated risk CSFTs, whether approved or declined, 
that reflects the factors considered by senior management in taking 
such action. The Agencies believe this type of documentation may be of 
significant benefit to the institution and to the Agencies in reviewing 
the effectiveness of the institution's CSFT-related policies, 
procedures, and internal controls. However, to help address the 
commenter's concern about potential burden, the Agencies have modified 
the Final Statement to recognize that the minutes of an institution's 
reviewing senior management committee may have the information 
described and to clarify that the documentation for a transaction 
should reflect the factors considered by senior management in taking 
action, but does not have to detail every aspect of the institution's 
legal or business analysis of the transaction.\11\
---------------------------------------------------------------------------

    \11\ In light of comments, the Agencies have modified the 
Documentation section of the Statement to clarify that an 
institution should retain sufficient documentation to establish that 
it has provided the customer any disclosures concerning an elevated 
risk CSFT that the institution is otherwise required to provide to 
the customer.
---------------------------------------------------------------------------

C. General Risk Management Principles for Elevated Risk CSFTs

    The Final Statement--like the Revised Proposed Statement--also 
describes some of the other key risk management policies and internal 
controls that financial institutions should have in place for elevated 
risk CSFTs. For example, the Final Statement provides that the board of 
directors and senior management of an institution should establish a 
``tone at the top'' through both actions and formalized policies that 
sends a strong message throughout

[[Page 1376]]

the financial institution about the importance of compliance with the 
law and overall good business ethics. The Final Statement also 
describes the types of training, reporting mechanisms, and audit 
procedures that institutions should have in place with respect to 
elevated risk CSFTs. The Final Statement also provides that a financial 
institution should conduct periodic independent reviews of its CSFT 
activities to verify and monitor that its policies and controls 
relating to elevated risk CSFTs are being implemented effectively and 
that elevated risk CSFTs are accurately identified and receive proper 
approvals.
    In response to comments, the Agencies have modified the Final 
Statement to clarify that the independent reviews conducted by a 
financial institution may be performed by the institution's audit 
department or an independent compliance function within the 
institution. One commenter also asked the Agencies to state that the 
proper role of an institution's independent review function is only to 
confirm that the institution's policies and procedures for elevated 
risk CSFTs are being followed and that the function should not assess 
the quality of the decisions made by institution personnel. The 
Agencies believe that an institution's audit or compliance department 
should have the flexibility, in appropriate circumstances, to review 
the decisions made by institution personnel during the review and 
approval process for elevated risk CSFTs and for this reason have not 
made the recommended change.

V. Paperwork Reduction Act

    In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 
3506; 5 CFR Part 1320, Appendix A.1), the Agencies reviewed the Final 
Statement. The Agencies may not conduct or sponsor, and an organization 
is not required to respond to, this information collection unless it 
displays a currently valid OMB control number. The Agencies previously 
determined that certain provisions of the Revised Proposed Statement 
contained information collection requirements. OMB reviewed and 
approved the information collections contained in the Revised Proposed 
Statement for the FDIC, OTS, OCC and SEC; and the Board reviewed the 
Revised Proposed Statement under the authority delegated to the Board 
by OMB (5 CFR Part 1320, Appendix A.1).
    OMB control numbers:
    OCC: 1557-0229.
    OTS: 1550-0111.
    FRB: 7100-0311.
    FDIC: 3064-0148.
    SEC: 3235-0622.

Burden Estimates

OCC

    Number of Respondents: 21.
    Estimated Time per Response: 25 hours.
    Total Estimated Annual Burden: 525 hours.

OTS

    Number of Respondents: 5.
    Estimated Time per Response: 25 hours.
    Total Estimated Annual Burden: 125 hours.

Board

    Number of Respondents: 20.
    Estimated Time per Response: 25 hours.
    Total Estimated Annual Burden: 500 hours.

FDIC

    Number of Respondents: 5.
    Estimated Time per Response: 25 hours.
    Total Estimated Annual Burden: 125 hours.

SEC

    Number of Respondents: 5.
    Estimated Time per Response: 25 hours.
    Total Estimated Annual Burden: 125 hours.
    No commenters addressed the Agencies' information collection 
estimates. The Agencies do not believe that the clarifications included 
in this Final Statement impact the burden estimates previously 
developed and approved for these information collections. The Agencies 
have a continuing interest in the public's opinions of our collections 
of information. At any time, comments regarding the burden estimate, or 
any other aspect of this collection of information, including 
suggestions for reducing the burden, may be sent to:
    OCC: You should direct your comments to:
    Communications Division, Office of the Comptroller of the Currency, 
Public Information Room, Mailstop 1-5, Attention: 1557-0229, 250 E 
Street, SW., Washington, DC 20219. In addition, comments may be sent by 
fax to (202) 874-4448, or by electronic mail to 
regs.comments@occ.treas.gov. You can inspect and photocopy the comments 
at the OCC's Public Information Room, 250 E Street, SW., Washington, DC 
20219. You can make an appointment to inspect the comments by calling 
(202) 874-5043. Additionally, you should send a copy of your comments 
to OCC Desk Officer, 1557-0229, by mail to U.S. Office of Management 
and Budget, 725 17th Street, NW., 10235, Washington, DC 20503, 
or by fax to (202) 395-6974.
    You can request additional information or a copy of the collection 
from Mary Gottlieb, OCC Clearance Officer, or Camille Dickerson, (202) 
874-5090, Legislative and Regulatory Activities Division, Office of the 
Comptroller of the Currency, 250 E Street, SW., Washington, DC 20219.
    OTS: Information Collection Comments, Chief Counsel's Office, 
Office of Thrift Supervision, 1700 G Street, NW., Washington, DC 20552; 
send a facsimile transmission to (202) 906-6518; or send an e-mail to 
infocollection.comments@ots.treas.gov. OTS will post comments and the 
related index on the OTS Internet site at https://www.treas.gov. In 
addition, interested persons may inspect the comments at the Public 
Reading Room, 1700 G Street, NW., by appointment. To make an 
appointment, call (202) 906-5922, send an e-mail to 
public.info@ots.treas.gov, or send a facsimile transmission to (202) 
906-7755.
    To obtain a copy of the submission to OMB, contact Marilyn K. 
Burton at marilyn.burton@ots.treas.gov, (202) 906-6467, or fax number 
(202) 906-6518, Chief Counsel's Office, Office of Thrift Supervision, 
1700 G Street, NW., Washington, DC 20552
    Board: You may submit comments, identified by FR 4022, by any of 
the following methods:
     Agency Web site: https://www.federalreserve.gov. Follow the 
instructions for submitting comments at https://www.federalreserve.gov/
generalinfo/foia/ProposedRegs.cfm.
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     E-mail: Regs.comments@federalreserve.gov. Include docket 
number in the subject line of the message.
     Fax: (202) 452-3819 or (202) 452-3102.
     Mail: Michelle Long, Federal Reserve Board Clearance 
Officer (202) 452-3829, Division of Research and Statistics, Board of 
Governors of the Federal Reserve System, Washington, DC 20551. 
Telecommunications Device for the Deaf (TDD) users may contact (202) 
263-4869, Board of Governors of the Federal Reserve System, Washington, 
DC 20551.
    All public comments are available from the Board's Web site at 
https://www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm as 
submitted,

[[Page 1377]]

unless modified for technical reasons. Accordingly, your comments will 
not be edited to remove any identifying or contact information. Public 
comments may also be viewed electronically or in paper in Room MP-500 
of the Board's Martin Building (20th and C Streets, NW.) between 9 a.m. 
and 5 p.m. on weekdays.
    FDIC: Interested parties are invited to submit written comments to 
the FDIC concerning the Paperwork Reduction Act implications of this 
proposal. Such comments should refer to ``Complex Structured Finance 
Transactions, 3064-0148.'' Comments may be submitted by any of the 
following methods:
     https://www.FDIC.gov/regulations/laws/federal/propose.html.
     E-mail: comments@FDIC.gov. Include Complex Structured 
Financial Transactions, 3064-0148 in the subject line of the message.
     Mail: Steven F. Hanft (202) 898-3907, Federal Deposit 
Insurance Corporation, 550 17th Street, NW., Washington, DC 20429.
     Hand Delivery: Comments may be hand-delivered to the guard 
station at the rear of the 17th Street Building (located on F Street), 
on business days between 7 a.m. and 5 p.m.
    SEC: You should direct your comments to: Office of Management and 
Budget, Attention Desk Officer for the Securities and Exchange 
Commission, Office of Information and Regulatory Affairs, Room 10102, 
New Executive Office Building, Washington, DC 20503, with a copy sent 
to Nancy M. Morris, Secretary, Securities and Exchange Commission, 100 
F Street, NE., Washington, DC 20549-1090 with reference to File No. S7-
08-06.
    The Final Statement follows:

Interagency Statement on Sound Practices Concerning Elevated Risk 
Complex Structured Finance Activities

I. Introduction

    Financial markets have grown rapidly over the past decade, and 
innovations in financial instruments have facilitated the structuring 
of cash flows and allocation of risk among creditors, borrowers and 
investors in more efficient ways. Financial derivatives for market and 
credit risk, asset-backed securities with customized cash flow 
features, specialized financial conduits that manage pools of assets 
and other types of structured finance transactions serve important 
business purposes, such as diversifying risks, allocating cash flows, 
and reducing cost of capital. As a result, structured finance 
transactions now are an essential part of U.S. and international 
capital markets. Financial institutions have played and continue to 
play an active and important role in the development of structured 
finance products and markets, including the market for the more complex 
variations of structured finance products.
    When a financial institution participates in a complex structured 
finance transaction (``CSFT''), it bears the usual market, credit, and 
operational risks associated with the transaction. In some 
circumstances, a financial institution also may face heightened legal 
or reputational risks due to its involvement in a CSFT. For example, in 
some circumstances, a financial institution may face heightened legal 
or reputational risk if a customer's regulatory, tax or accounting 
treatment for a CSFT, or disclosures to investors concerning the CSFT 
in the customer's public filings or financial statements, do not comply 
with applicable laws, regulations or accounting principles. Indeed, in 
some instances, CSFTs have been used to misrepresent a customer's 
financial condition to investors, regulatory authorities and others. In 
these situations, investors have been harmed, and financial 
institutions have incurred significant legal and reputational exposure. 
In addition to legal risk, reputational risk poses a significant threat 
to financial institutions because the nature of their business requires 
them to maintain the confidence of customers, creditors and the general 
marketplace.
    The Office of the Comptroller of the Currency, the Office of Thrift 
Supervision, the Board of Governors of the Federal Reserve System, the 
Federal Deposit Insurance Corporation, and the Securities and Exchange 
Commission (the ``Agencies'') have long expected financial institutions 
to develop and maintain robust control infrastructures that enable them 
to identify, evaluate and address the risks associated with their 
business activities. Financial institutions also must conduct their 
activities in accordance with applicable statutes and regulations.

II. Scope and Purpose of Statement

    The Agencies are issuing this Statement to describe the types of 
risk management principles that we believe may help a financial 
institution to identify CSFTs that may pose heightened legal or 
reputational risks to the institution (``elevated risk CSFTs'') and to 
evaluate, manage and address these risks within the institution's 
internal control framework.\12\
---------------------------------------------------------------------------

    \12\ As used in this Statement, the term ``financial 
institution'' or ``institution'' refers to national banks in the 
case of the Office of the Comptroller of the Currency; federal and 
state savings associations and savings and loan holding companies in 
the case of the Office of Thrift Supervision; state member banks and 
bank holding companies (other than foreign banking organizations) in 
the case of the Federal Reserve Board; state nonmember banks in the 
case of the Federal Deposit Insurance Corporation; and registered 
broker-dealers and investment advisers in the case of the Securities 
and Exchange Commission. The U.S. branches and agencies of foreign 
banks supervised by the Office of the Comptroller, the Federal 
Reserve Board and the Federal Deposit Insurance Corporation also are 
considered to be financial institutions for purposes of this 
Statement.
---------------------------------------------------------------------------

    Structured finance transactions encompass a broad array of products 
with varying levels of complexity. Most structured finance 
transactions, such as standard public mortgage-backed securities 
transactions, public securitizations of retail credit cards, asset-
backed commercial paper conduit transactions, and hedging-type 
transactions involving ``plain vanilla'' derivatives and collateralized 
loan obligations, are familiar to participants in the financial 
markets, and these vehicles have a well-established track record. These 
transactions typically would not be considered CSFTs for the purpose of 
this Statement.
    Because this Statement focuses on sound practices related to CSFTs 
that may create heightened legal or reputational risks--transactions 
that typically are conducted by a limited number of large financial 
institutions--it will not affect or apply to the vast majority of 
financial institutions, including most small institutions. As in all 
cases, a financial institution should tailor its internal controls so 
that they are appropriate in light of the nature, scope, complexity and 
risks of its activities. Thus, for example, an institution that is 
actively involved in structuring and offering CSFTs that may create 
heightened legal or reputational risk for the institution should have a 
more formalized and detailed control framework than an institution that 
participates in these types of transactions less frequently. The 
internal controls and procedures discussed in this Statement are not 
all inclusive, and, in appropriate circumstances, an institution may 
find that other controls, policies, or procedures are appropriate in 
light of its particular CSFT activities.
    Because many of the core elements of an effective control 
infrastructure are the same regardless of the business line involved, 
this Statement draws heavily on controls and procedures that the 
Agencies previously have found to be effective in assisting a financial 
institution to manage and control risks and identifies ways in which 
these controls and procedures can be

[[Page 1378]]

effectively applied to elevated risk CSFTs. Although this Statement 
highlights some of the most significant risks associated with elevated 
risk CSFTs, it is not intended to present a full exposition of all 
risks associated with these transactions. Financial institutions are 
encouraged to refer to other supervisory guidance prepared by the 
Agencies for further information concerning market, credit, 
operational, legal and reputational risks as well as internal audit and 
other appropriate internal controls.
    This Statement does not create any private rights of action, and 
does not alter or expand the legal duties and obligations that a 
financial institution may have to a customer, its shareholders or other 
third parties under applicable law. At the same time, adherence to the 
principles discussed in this Statement would not necessarily insulate a 
financial institution from regulatory action or any liability the 
institution may have to third parties under applicable law.

III. Identification and Review of Elevated Risk Complex Structured 
Finance Transactions

    A financial institution that engages in CSFTs should maintain a set 
of formal, written, firm-wide policies and procedures that are designed 
to allow the institution to identify, evaluate, assess, document, and 
control the full range of credit, market, operational, legal and 
reputational risks associated with these transactions. These policies 
may be developed specifically for CSFTs, or included in the set of 
broader policies governing the institution generally. A financial 
institution operating in foreign jurisdictions may tailor its policies 
and procedures as appropriate to account for, and comply with, the 
applicable laws, regulations and standards of those jurisdictions.\13\
---------------------------------------------------------------------------

    \13\ In the case of U.S. branches and agencies of foreign banks, 
these policies, including management, review and approval 
requirements, should be coordinated with the foreign bank's group-
wide policies developed in accordance with the rules of the foreign 
bank's home country supervisor and should be consistent with the 
foreign bank's overall corporate and management structure as well as 
its framework for risk management and internal controls.
---------------------------------------------------------------------------

    A financial institution's policies and procedures should establish 
a clear framework for the review and approval of individual CSFTs. 
These policies and procedures should set forth the responsibilities of 
the personnel involved in the origination, structuring, trading, 
review, approval, documentation, verification, and execution of CSFTs. 
Financial institutions may find it helpful to incorporate the review of 
new CSFTs into their existing new product policies. In this regard, a 
financial institution should define what constitutes a ``new'' complex 
structured finance product and establish a control process for the 
approval of such new products. In determining whether a CSFT is new, a 
financial institution may consider a variety of factors, including 
whether it contains structural or pricing variations from existing 
products, whether the product is targeted at a new class of customers, 
whether it is designed to address a new need of customers, whether it 
raises significant new legal, compliance or regulatory issues, and 
whether it or the manner in which it would be offered would materially 
deviate from standard market practices. An institution's policies 
should require new complex structured finance products to receive the 
approval of all relevant control areas that are independent of the 
profit center before the product is offered to customers.
A. Identifying Elevated Risk CSFTs
    As part of its transaction and new product approval controls, a 
financial institution should establish and maintain policies, 
procedures and systems to identify elevated risk CSFTs. Because of the 
potential risks they present to the institution, transactions or new 
products identified as elevated risk CSFTs should be subject to 
heightened reviews during the institution's transaction or new product 
approval processes. Examples of transactions that an institution may 
determine warrant this additional scrutiny are those that (either 
individually or collectively) appear to the institution during the 
ordinary course of its transaction approval or new product approval 
process to:
     Lack economic substance or business purpose;
     Be designed or used primarily for questionable accounting, 
regulatory, or tax objectives, particularly when the transactions are 
executed at year end or at the end of a reporting period for the 
customer;
     Raise concerns that the client will report or disclose the 
transaction in its public filings or financial statements in a manner 
that is materially misleading or inconsistent with the substance of the 
transaction or applicable regulatory or accounting requirements;
     Involve circular transfers of risk (either between the 
financial institution and the customer or between the customer and 
other related parties) that lack economic substance or business 
purpose;
     Involve oral or undocumented agreements that, when taken 
into account, would have a material impact on the regulatory, tax, or 
accounting treatment of the related transaction, or the client's 
disclosure obligations; \14\
---------------------------------------------------------------------------

    \14\ This item is not intended to include traditional, non-
binding ``comfort'' letters or assurances provided to financial 
institutions in the loan process where, for example, the parent of a 
loan customer states that the customer states that the customer 
(i.e., the parent's subsidiary) is an integral and important part of 
the parent's operations.
---------------------------------------------------------------------------

     Have material economic terms that are inconsistent with 
market norms (e.g., deep ``in the money'' options or historic rate 
rollovers); or
     Provide the financial institution with compensation that 
appears substantially disproportionate to the services provided or 
investment made by the financial institution or to the credit, market 
or operational risk assumed by the institution.
    The examples listed previously are provided for illustrative 
purposes only, and the policies and procedures established by financial 
institutions may differ in how they seek to identify elevated risk 
CSFTs. The goal of each institution's policies and procedures, however, 
should remain the same--to identify those CSFTs that warrant additional 
scrutiny in the transaction or new product approval process due to 
concerns regarding legal or reputational risks.
    Financial institutions that structure or market, act as an advisor 
to a customer regarding, or otherwise play a substantial role in a 
transaction may have more information concerning the customer's 
business purpose for the transaction and any special accounting, tax or 
financial disclosure issues raised by the transaction than institutions 
that play a more limited role. Thus, the ability of a financial 
institution to identify the risks associated with an elevated risk CSFT 
may differ depending on its role.
B. Due Diligence, Approval and Documentation Process for Elevated Risk 
CSFTs
    Having developed a process to identify elevated risk CSFTs, a 
financial institution should implement policies and procedures to 
conduct a heightened level of due diligence for these transactions. The 
financial institution should design these policies and procedures to 
allow personnel at an appropriate level to understand and evaluate the 
potential legal or reputational risks presented by the transaction to 
the institution and to manage and address any heightened

[[Page 1379]]

legal or reputational risks ultimately found to exist with the 
transaction.
    Due Diligence. If a CSFT is identified as an elevated risk CSFT, 
the institution should carefully evaluate and take appropriate steps to 
address the risks presented by the transaction with a particular focus 
on those issues identified as potentially creating heightened levels of 
legal or reputational risk for the institution. In general, a financial 
institution should conduct the level and amount of due diligence for an 
elevated risk CSFT that is commensurate with the level of risks 
identified. A financial institution that structures or markets an 
elevated risk CSFT to a customer, or that acts as an advisor to a 
customer or investors concerning an elevated risk CSFT, may have 
additional responsibilities under the federal securities laws, the 
Internal Revenue Code, state fiduciary laws or other laws or 
regulations and, thus, may have greater legal and reputational risk 
exposure with respect to an elevated risk CSFT than a financial 
institution that acts only as a counterparty for the transaction. 
Accordingly, a financial institution may need to exercise a higher 
degree of care in conducting its due diligence when the institution 
structures or markets an elevated risk CSFT or acts as an advisor 
concerning such a transaction than when the institution plays a more 
limited role in the transaction.
    To appropriately understand and evaluate the potential legal and 
reputational risks associated with an elevated risk CSFT that a 
financial institution has identified, the institution may find it 
useful or necessary to obtain additional information from the customer 
or to obtain specialized advice from qualified in-house or outside 
accounting, tax, legal, or other professionals. As with any 
transaction, an institution should obtain satisfactory responses to its 
material questions and concerns prior to consummation of a 
transaction.\15\
---------------------------------------------------------------------------

    \15\ Of course, financial institutions also should ensure that 
their own accounting for transactions complies with applicable 
accounting standards, consistently applied.
---------------------------------------------------------------------------

    In conducting its due diligence for an elevated risk CSFT, a 
financial institution should independently analyze the potential risks 
to the institution from both the transaction and the institution's 
overall relationship with the customer. Institutions should not 
conclude that a transaction identified as being an elevated risk CSFT 
involves minimal or manageable risks solely because another financial 
institution will participate in the transaction or because of the size 
or sophistication of the customer or counterparty. Moreover, a 
financial institution should carefully consider whether it would be 
appropriate to rely on opinions or analyses prepared by or for the 
customer concerning any significant accounting, tax or legal issues 
associated with an elevated risk CSFT.
    Approval Process. A financial institution's policies and procedures 
should provide that CSFTs identified as having elevated legal or 
reputational risk are reviewed and approved by appropriate levels of 
control and management personnel. The designated approval process for 
such CSFTs should include representatives from the relevant business 
line(s) and/or client management, as well as from appropriate control 
areas that are independent of the business line(s) involved in the 
transaction. The personnel responsible for approving an elevated risk 
CSFT on behalf of a financial institution should have sufficient 
experience, training and stature within the organization to evaluate 
the legal and reputational risks, as well as the credit, market and 
operational risks to the institution.
    The institution's control framework should have procedures to 
deliver the necessary or appropriate information to the personnel 
responsible for reviewing or approving an elevated risk CSFT to allow 
them to properly perform their duties. Such information may include, 
for example, the material terms of the transaction, a summary of the 
institution's relationship with the customer, and a discussion of the 
significant legal, reputational, credit, market and operational risks 
presented by the transaction.
    Some institutions have established a senior management committee 
that is designed to involve experienced business executives and senior 
representatives from all of the relevant control functions within the 
financial institution (including such groups as independent risk 
management, tax, accounting, policy, legal, compliance, and financial 
control) in the oversight and approval of those elevated risk CSFTs 
that are identified by the institution's personnel as requiring senior 
management review and approval due to the potential risks associated 
with the transactions. While this type of management committee may not 
be appropriate for all financial institutions, a financial institution 
should establish processes that assist the institution in consistently 
managing the review and approval of elevated risk CSFTs on a firm-wide 
basis.\16\
---------------------------------------------------------------------------

    \16\ The control processes that a financial institution 
establishes for CSFTs should take account of, and be consistent 
with, any informational barriers established by the institution to 
manage potential conflicts of interest, insider trading or other 
concerns.
---------------------------------------------------------------------------

    If, after evaluating an elevated risk CSFT, the financial 
institution determines that its participation in the CSFT would create 
significant legal or reputational risks for the institution, the 
institution should take appropriate steps to address those risks. Such 
actions may include declining to participate in the transaction, or 
conditioning its participation upon the receipt of representations or 
assurances from the customer that reasonably address the heightened 
legal or reputational risks presented by the transaction. Any 
representations or assurances provided by a customer should be obtained 
before a transaction is executed and be received from, or approved by, 
an appropriate level of the customer's management. A financial 
institution should decline to participate in an elevated risk CSFT if, 
after conducting appropriate due diligence and taking appropriate steps 
to address the risks from the transaction, the institution determines 
that the transaction presents unacceptable risk to the institution or 
would result in a violation of applicable laws, regulations or 
accounting principles.
    Documentation. The documentation that financial institutions use to 
support CSFTs is often highly customized for individual transactions 
and negotiated with the customer. Careful generation, collection and 
retention of documents associated with elevated risk CSFTs are 
important control mechanisms that may help an institution monitor and 
manage the legal, reputational, operational, market, and credit risks 
associated with the transactions. In addition, sound documentation 
practices may help reduce unwarranted exposure to the financial 
institution's reputation.
    A financial institution should create and collect sufficient 
documentation to allow the institution to:
     Document the material terms of the transaction;
     Enforce the material obligations of the counterparties;
     Confirm that the institution has provided the customer any 
disclosures concerning the transaction that the institution is 
otherwise required to provide; and
     Verify that the institution's policies and procedures are 
being followed and allow the internal audit function to

[[Page 1380]]

monitor compliance with those policies and procedures.
    When an institution's policies and procedures require an elevated 
risk CSFT to be submitted for approval to senior management, the 
institution should maintain the transaction-related documentation 
provided to senior management as well as other documentation, such as 
minutes of the relevant senior management committee, that reflect 
senior management's approval (or disapproval) of the transaction, any 
conditions imposed by senior management, and the factors considered in 
taking such action. The institution should retain documents created for 
elevated risk CSFTs in accordance with its record retention policies 
and procedures as well as applicable statutes and regulations.
C. Other Risk Management Principles for Elevated Risk CSFTs
    General Business Ethics. The board and senior management of a 
financial institution also should establish a ``tone at the top'' 
through both actions and formalized policies that sends a strong 
message throughout the financial institution about the importance of 
compliance with the law and overall good business ethics. The board and 
senior management should strive to create a firm-wide corporate culture 
that is sensitive to ethical or legal issues as well as the potential 
risks to the financial institution that may arise from unethical or 
illegal behavior. This kind of culture coupled with appropriate 
procedures should reinforce business-line ownership of risk 
identification, and encourage personnel to move ethical or legal 
concerns regarding elevated risk CSFTs to appropriate levels of 
management. In appropriate circumstances, financial institutions may 
also need to consider