Corporate Credit Unions, 23861-23871 [2011-10108]

Download as PDF 23861 Rules and Regulations Federal Register Vol. 76, No. 83 Friday, April 29, 2011 This section of the FEDERAL REGISTER contains regulatory documents having general applicability and legal effect, most of which are keyed to and codified in the Code of Federal Regulations, which is published under 50 titles pursuant to 44 U.S.C. 1510. The Code of Federal Regulations is sold by the Superintendent of Documents. Prices of new books are listed in the first FEDERAL REGISTER issue of each week. ‘‘E-Verify@dhs.gov’’ instead of ‘‘Everify@dhs.gov’’. Christina E. McDonald, Acting Associate General Counsel for Regulatory Affairs, Department of Homeland Security. [FR Doc. 2011–10344 Filed 4–28–11; 8:45 am] BILLING CODE 9111–97–P NATIONAL CREDIT UNION ADMINISTRATION DEPARTMENT OF HOMELAND SECURITY 12 CFR Part 704 8 CFR Part 274a RIN 3133–AD74 [CIS No. 2441–08; Docket No. USCIS–2008– 0001] Corporate Credit Unions RIN 1615–AB69 Documents Acceptable for Employment Eligibility Verification; Correction U.S. Citizenship and Immigration Services (USCIS), DHS. Final rule; correction. The Department of Homeland Security corrects an inadvertent error contained under FOR FURTHER INFORMATION CONTACT of the final rule titled Documents Acceptable for Employment Eligibility Verification published in the Federal Register on April 15, 2011. The e-mail address referenced in the final rule should read ‘‘E-verify@dhs.gov’’. SUMMARY: This final rule is effective May 16, 2011. DATES: FOR FURTHER INFORMATION CONTACT: Letitia Coffin, Verification Division, U.S. Citizenship and Immigration Services, Department of Homeland Security, 131 M Street, NE., Suite 200, Washington, DC 20002, telephone (888) 464–4218 or e-mail at E-verify@dhs.gov. SUPPLEMENTARY INFORMATION: srobinson on DSKHWCL6B1PROD with RULES Need for Correction On April 15, 2011, the Department of Home land Security published a final rule in the Federal Register at 76 FR 21225 establishing Documents Acceptable for Employment Eligibility Verification. There was an inadvertent error in the document. The email referenced should be changed read VerDate Mar<15>2010 16:27 Apr 28, 2011 Jkt 223001 NCUA is issuing final amendments to its rule governing corporate credit unions (corporates). The amendments include internal control and reporting requirements for corporates similar to those required for banks under the Federal Deposit Insurance Act and the Sarbanes-Oxley Act. The amendments require each corporate to establish an enterprisewide risk management committee staffed with at least one risk management expert. The amendments require corporates conduct all board of director votes as recorded votes and include the votes of individual directors in the meeting minutes. The amendments permit corporates to charge their members reasonable onetime or periodic membership fees as necessary to facilitate retained earnings growth. For senior corporate executives who are dual employees of corporate credit union service organizations (CUSOs), the amendments also require disclosure of certain compensation received from the corporate CUSO. DATES: This rule is effective May 31, 2011, except that the amendments to §§ 704.2 and 704.15 are effective January 1, 2012, and the addition of § 704.21 is effective April 29, 2013. FOR FURTHER INFORMATION CONTACT: Jacqueline Lussier, Staff Attorney, Office of General Counsel; Elizabeth Wirick, Staff Attorney, Office of General Counsel; and Lisa Henderson, Staff Attorney, Office of General Counsel, all at telephone (703) 518–6540), National Credit Union Administration, 1775 SUMMARY: AGENCY: ACTION: National Credit Union Administration (NCUA). ACTION: Final rule. AGENCY: PO 00000 Frm 00001 Fmt 4700 Sfmt 4700 Duke Street, Alexandria, VA 22314; or David Shetler, Deputy Director, Office of Corporate Credit Unions, at the address above or telephone (703) 518–6640. SUPPLEMENTARY INFORMATION: I. Background In September 2010, the NCUA Board made substantial revisions to part 704 (with conforming amendments to parts 702, 703, 709, and 747). 75 FR 64786 (Oct. 20, 2010) (September Rulemaking). These amendments established a new capital scheme, including risk-based capital requirements; imposed new prompt corrective action requirements; placed various new limits on corporate investments; imposed new assetliability management controls; amended some corporate governance provisions; and limited a corporate CUSO to categories of activities preapproved by NCUA. The preamble to the September Rulemaking also stated that shortly after its promulgation the Board intended to issue another proposal that would further amend part 704 and related provisions. Id. at 64824. In November 2010, the Board issued the promised follow-on proposal with further revisions to the corporate rule. 75 FR 73000 (Nov. 29, 2010). The seven amendments proposed in November would have: • Provided for the sharing of Temporary Corporate Credit Union Stabilization Fund (TCCUSF) expenses among all members of corporate credit unions, including both credit union and noncredit union members; • Limited natural person credit unions (NPCUs) to membership in one corporate of the NPCU’s choice at any one time; • Required corporates conduct all board of director votes as recorded votes and include the votes of individual directors in the meeting minutes; • Incorporated certain audit, reporting, and audit committee practices from the Federal Deposit Insurance Act (FDI Act), Part 363 of the Federal Deposit Insurance Corporation (FDIC) Regulations, and the Sarbanes-Oxley Act of 2002; • Required corporates to establish enterprise-wide risk management committees staffed with at least one independent risk management expert; • Allowed corporates to charge their members reasonable one-time or periodic membership fees; and E:\FR\FM\29APR1.SGM 29APR1 23862 Federal Register / Vol. 76, No. 83 / Friday, April 29, 2011 / Rules and Regulations • Required the disclosure of compensation received from a corporate CUSO by certain highly compensated corporate credit union executives. The initial public comment period on the November proposals was 30 days, but the Board extended the comment period to 60 days. 75 FR 75648 (Dec. 6, 2010). During the comment period, which closed on January 28, 2011, NCUA received 227 comments from a wide variety of sources. II. Overview of the Final Amendments After considering the comments received on the November proposal, the Board determined not to proceed with the first two proposals listed above relating to the sharing of TCCUSF expenses and the limitation on corporate credit union membership. This final rule does include the other five November proposals. As discussed in detail below, the Board adopted the membership fee and CUSO compensation disclosure amendments exactly as proposed. In response to the comments, however, the Board adopted the final three proposals (i.e., relating to internal controls, enterprise risk management, and recording director votes) with some changes from the proposed versions. Additionally, some of the provisions relating to internal controls and enterprise risk management have delayed effective dates. III. Section-by-Section Analysis of the Final Amendments srobinson on DSKHWCL6B1PROD with RULES Section 704.2 Definitions The proposal included a number of new definitions in § 704.2, generally relating to terms used in the proposed internal control and reporting amendments to § 704.15. The newly defined terms included: Critical accounting policies, Enterprise risk management, Examination of internal control, Family, Financial statements, Financial statement audit, Generally accepted auditing standards, Independent public accountant, Internal control, Internal control framework, Internal control over financial reporting, and Supervisory committee. Although the proposed rule contained a definition for Family, that definition has been dropped from this final rule as the Board has determined that the existing part 704 definition of Immediate family member is sufficient. This final rule also modifies the proposed definition of Independent public accountant (IPA) slightly to ensure that if a state permits accountants licensed out-of-state to practice accounting in-state, those VerDate Mar<15>2010 16:27 Apr 28, 2011 Jkt 223001 accountants will be considered to fall within the IPA definition. The effective date of these new definitions is delayed to January 1, 2012, to correspond to the earliest effective date of the internal control and reporting amendments in § 704.15. Except as described above, the proposed § 704.2 definitions are adopted as proposed. Section 704.11 Corporate Credit Union Service Organizations; and § 704.19 Disclosure of Executive and Director Compensation The proposal included amendments to §§ 704.11 and 704.19 to ensure that the required disclosures of compensation paid to certain corporate employees under § 704.19 also capture compensation paid to these employees by any corporate CUSO in which the corporate credit union has invested or made a loan. The proposed revisions to § 704.19(a) clarified that a corporate credit union’s annual disclosures of compensation paid to its most highly compensated employees must include any compensation from a CUSO in which the corporate has invested. To facilitate an accurate disclosure, the proposal also required the CUSO agree to provide this information about dual employee compensation to the corporate. This agreement would be embedded in the general agreement between the corporate and the CUSO discussed in § 704.11(g). A slight majority of commenters opposed this proposed CUSO compensation disclosure requirement, and the most frequent reason given was a concern that this disclosure could lead to ‘‘piercing the corporate veil’’ between the corporate and the CUSO. The NCUA Board disagrees that disclosure of the compensation of dually-compensated employees, by itself or in connection with other factors, is likely to shift a CUSO’s legal liability to a corporate. Some commenters also worried NCUA might eventually impose these disclosure requirements on natural person credit unions and their CUSOs as well. At this time, the Board has no such intent. The Board does believe, however, that the members of corporate credit unions need this transparency with regard to corporate executive pay. Other commenters opined that NCUA has no authority to regulate CUSOs. The Board agrees that it cannot regulate CUSOs directly, but it can, for safety and soundness reasons, regulate the types of investments that credit unions make and whether credit unions should invest in CUSOs. If a corporate wishes to invest in, or loan to, an entity, that entity will likely meet the definition of PO 00000 Frm 00002 Fmt 4700 Sfmt 4700 a corporate CUSO, and the CUSO must conform to NCUA’s requirements if it wishes to retain that corporate investment. Another objector termed the proposal unnecessary because the information is required on, and can be obtained from, IRS Form 990. This objector is incorrect. For example, federally chartered credit unions do not file Form 990s, and, typically, the information contained on a completed Form 990 is not coextensive with the information required to be disclosed to members under this rule. One commenter who generally supported the proposal requested that disclosure be limited to the member/ owners of the corporate and that the disclosure not be made to the general public. The Board notes that § 704.19 does not require public disclosure, but only disclosure to members. 12 CFR 704.19(b). The corporate can make this member disclosure in a nonpublic manner if it desires. Accordingly, the Board adopts the proposed revisions to §§ 704.11 and 704.19 without change. Section 704.13 Board Responsibilities The proposal would have amended § 704.13 to require corporates to conduct all board of director votes as recorded votes and to include the votes of individual directors in the meeting minutes, with the goal of increasing the transparency of the corporate credit union decision-making process. In the final rule, the Board has modified this proposal to require recording only ‘‘no’’ votes and abstentions on a particular item where the affirmative votes can otherwise be determined as the remaining directors in attendance. Many commenters who opposed the proposal were concerned that requiring recorded votes would create divisiveness within the board or could lead to individuals being singled out for litigation or enforcement action. Some commenters also stated that the proposal would discourage individuals from serving on corporate boards. A few commenters also expressed concerns that NCUA would also eventually impose the same requirement on NPCUs. Other commenters opined that the proposal exceeded NCUA’s authority generally, arguing that only states could impose such requirements on state-chartered corporates. Another commenter stated this requirement was a matter for the bylaws, not a regulation. The Board disagrees with these commenters. Recent events in the corporate system illustrate the dangers resulting from the insular and nontransparent decision-making that occurred at some corporate credit E:\FR\FM\29APR1.SGM 29APR1 Federal Register / Vol. 76, No. 83 / Friday, April 29, 2011 / Rules and Regulations srobinson on DSKHWCL6B1PROD with RULES unions. As corporates continue their efforts to reorganize and recover from the crisis, it is essential that the members of corporate credit unions are able to see how their directors vote on matters that affect the members. While the Board acknowledges the possibility that this transparency requirement could create dissension among board members, the Board believes that the benefits of openness and transparency far outweigh any discomfort individual board members may face from recorded votes. Further, as discussed in the preamble to the proposed rule, NCUA has broad authority to require federallyinsured credit unions, including corporate credit unions, to prepare and submit financial information and other information as the Board requires. 12 U.S.C. 1761, 1766, 1781, 1782(a)(2), and 1789. Because of the importance of transparency in corporate credit union board decisions, and the effect those decisions can have on the safety and soundness of the entire credit union system, the Board believes this provision is appropriately placed in a regulation rather than relying on each corporate to adopt a conforming bylaw. A few commenters also asserted that the proposed recorded vote requirement would conflict with provisions of Roberts’ Rules of Order that provide for the chair to vote only in case of a tie, or with provisions of state law and the Revised Model Business Corporation Act that presume all directors assent to an action unless dissent is documented. Several commenters suggested recording ‘‘no’’ votes and abstentions would suffice, especially if the meeting minutes list the directors present. After considering these comments, the Board has modified the proposal to require recording only ‘‘no’’ votes and abstentions on all board votes, as long as the names of directors attending the meeting are recorded elsewhere in the minutes. Except as noted above, the Board adopts the revisions to § 704.13 as proposed. Section 704.15 Audit and Reporting Requirements NCUA currently requires that a corporate credit union’s board of directors ensure the preparation of timely and accurate balance sheets, income statements, and internal risk assessments and that systems are audited periodically in accordance with industry standards. 12 CFR 704.4(c). In addition, a corporate credit union’s supervisory committee must ensure that: (1) An external audit is performed annually in accordance with generally accepted auditing standards; and (2) the VerDate Mar<15>2010 16:27 Apr 28, 2011 Jkt 223001 audit report is submitted to the board of directors, to NCUA, and in a summary version, to the members. 12 CFR 704.15(a). To facilitate early identification of problems in financial management at corporate credit unions, the NCUA Board proposed to amend § 704.15 to add certain additional auditing, reporting, and supervisory committee requirements. These proposals were very similar to those required of banks by the FDIC. 12 CFR part 363. The most significant proposed revisions would have required a corporate to: • Ensure that its financial reports reflect all material correcting adjustments necessary to conform with generally accepted accounting principles (GAAP) as identified by the corporate’s IPA. • Prepare an annual management report, signed by the chief executive officer and the chief accounting officer or chief financial officer, that contains: (1) A statement of management’s responsibility for preparing financial statements, for establishing and maintaining an adequate internal control structure, and for complying with safety and soundness laws and regulations; (2) an assessment of the corporate’s compliance with such laws and regulations; and (3) for a corporate with assets of at least $1 billion, an assessment of the effectiveness of the internal control structure. • Ensure that its IPA: (1) Reports to the supervisory committee all critical accounting policies; (2) retains the working papers related to an audit for seven years; (3) complies with the independence standards and interpretations of the American Institute of Certified Public Accountants (AICPA); (4) has an acceptable peer review; (5) notifies NCUA if the IPA ceases being a corporate’s independent accountant; and (6) for a corporate with assets of at least $1 billion, reports separately to the supervisory committee on management’s assertions concerning the effectiveness of the corporate’s internal control structure. • Ensure that it: (1) Files a copy of its annual report to NCUA within 180 days after the end of the calendar year, which NCUA will make available for public inspection; (2) provides NCUA with a copy of any letter or report issued by its IPA; (3) informs NCUA when it engages an IPA or loses an IPA through dismissal or resignation; (4) provides a notice to NCUA of late filing of the annual report; and (5) submits a summary of its annual report to the membership. • Ensure that its supervisory committee (1) consists of members who PO 00000 Frm 00003 Fmt 4700 Sfmt 4700 23863 are independent of the corporate (defined as having no family relationships or material business or professional relationships with the corporate); (2) supervises the IPA; and (3) ensures that audit engagement letters do not contain unsafe and unsound limitation of liability provisions. The public commenters that addressed the proposed revisions to § 704.15 generally did so without discussing the specific revisions. That is, those in favor of the proposal simply stated that it was a good idea. Likewise, those opposed maintained generally that the proposed revisions to § 704.15 were too burdensome. A few commenters said that if any of the provisions were adopted, they should apply to all corporates regardless of size. The NCUA Board believes that the proposed amendments are important to ensure the accurate and reliable measurement of a corporate credit union’s assets and earnings, which has a direct bearing on the determination of regulatory capital. The Board believes that the amendments will help identify weaknesses in internal control over financial reporting and risk management at corporate credit unions and reinforce corrective measures, thus complementing supervisory efforts in contributing to the safety and soundness of corporate credit unions. Accordingly, the Board is adopting the provisions as proposed, except as discussed below. The Board is mindful, however, that corporates are still adjusting to the major part 704 revisions in the September Rulemaking, and that imposing these new auditing and reporting requirements on corporate credit unions immediately could be confusing and overly burdensome. Accordingly, the Board is delaying the effective date of all the § 704.15 revisions until at least January 1, 2012, and as discussed below, delaying some of the revisions into 2013 and 2014. Proposed paragraph 704.15(a)(2) required corporate credit union management to prepare an annual report containing certain enumerated elements. Several elements—including a statement of management’s responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting—applied to all corporates. However, proposed paragraph 704.15(a)(2)(iii), which required that management assess the effectiveness of the internal control structure and procedures for financial reporting, would have applied only to corporate credit unions with at least $1 billion in assets. Similarly, proposed paragraph 704.15(b)(2), which required E:\FR\FM\29APR1.SGM 29APR1 23864 Federal Register / Vol. 76, No. 83 / Friday, April 29, 2011 / Rules and Regulations that corporates have the IPA attest to management’s assertions concerning the effectiveness of the corporate’s internal control structure and procedures for financial reporting, also applied only to corporates with at least $1 billion in assets. Some commenters stated that all the internal control requirements in § 704.15 should apply to all corporates. After careful consideration, the Board agrees and has determined to remove the $1 billion asset threshold for these two provisions. All corporates present systemic risk and therefore should be subject to strong internal control reviews and attestations. To mitigate the compliance burden of these requirements, however, the Board has determined to delay the effective date of these provisions past 2012. The management assessment requirement in paragraph (a)(2)(iii) will take effect on January 1, 2013, so that only management reports prepared in 2013 (for the calendar year 2012) and for later calendar years must contain management’s assessment of the effectiveness of the internal control structure and procedures. In addition, the IPA assessment requirement in paragraph (b)(2) will take effect on January 1, 2014 for management reports prepared for the calendar year 2013 and thereafter. Proposed paragraph 704.15(d)(1) addressed the composition of a corporate credit union’s supervisory committee, stating that its members may not be employees of the corporate credit union and must be independent of the corporate credit union. A few commenters found this provision confusing, and the Board has clarified it. The final paragraph (d)(1) states that supervisory committee members must be independent of the operational side of the corporate, that is, the part of the credit union that is supervised, directly or indirectly, by the corporate’s Chief Executive Officer. Except as discussed above, the Board adopts § 704.15 as proposed. srobinson on DSKHWCL6B1PROD with RULES Section 704.21 Management Enterprise Risk The proposal included a new section on Enterprise Risk Management (ERM) requiring all corporate credit unions to develop and follow an ERM policy. The proposal required the board of directors establish an ERM committee responsible for overseeing the corporate’s risk management practices and for reporting at least annually to the board of directors. The committee would include at least one independent risk management expert with sufficient VerDate Mar<15>2010 16:27 Apr 28, 2011 Jkt 223001 experience in identifying, assessing, and managing risk exposures. The proposal defined independent to mean that the expert does not, going back three years, have any family relationships or any material business or professional relationships with the corporate that would affect his or her independence as a committee member. The risk management expert must have a post-graduate education; an actuarial, accounting, economics, financial, or legal background; and at least five years experience in identifying, assessing, and managing risk exposures. The expert’s experience must also be commensurate with the size of the corporate and the complexity of its operations. The board must hire this individual from outside the corporate. Most of the commenters who commented generally on enterprise risk assessments thought they were valuable and could be effective tools for management. Many of these commenters agreed with the proposed rule but thought it should be refined. Several other commenters specifically opposed any regulatory ERM requirement. Many of these commenters thought the ERM proposals were redundant with other committees (ALCO, supervisory, and audit) and unnecessary in light of these committees, regular NCUA and state examinations, and the new NCUA corporate regulations. Some of these commenters thought that the ERM functions were not sufficiently distinguished from the functions of the board, ALCO, supervisory committee, or audit committee, and that the ERM committee might impinge on the turf of these committees and the board, all without providing material new information or new benefit. These commenters, however, did not say specifically how the ERM might cause this confusion. A few commenters thought that NCUA should consider addressing ERM as guidance or best practices. A few commenters grouped the proposed rule’s ERM and audit reporting requirements together and generally opposed both as expensive and unnecessary. The Board disagrees with these comments. As general matter, organizations may be practicing good risk management on an exposure-byexposure basis, but they may not be paying close enough attention to the aggregation of exposures across the entire organization. An organization must measure and understand all the individual risks associated with its various business components, and also understand how they interact dynamically. A successful ERM process PO 00000 Frm 00004 Fmt 4700 Sfmt 4700 can help to meet many of those challenges. As one commenter stated, ‘‘[i]ncreasingly, [ERM] is being utilized by credit unions, particularly larger ones, as an important mechanism to ensure the organization has the proper, overall [perspective] on all of its risks and its capacity to manage those risks. * * * [E]nterprise risk assessments * * * can be very effective tools [for] making sure the corporate has the ability to identify, manage, and correct material risks.’’ There is a misapprehension among some commenters that the ERM committee would be redundant of other committees, such as the supervisory (or audit) and ALCO or credit committees. The FCU Act, NCUA’s regulations, and the standard federal corporate credit union bylaws provide for those committees and prescribe targeted areas of responsibility for each. The ERM committee’s unique mission would be to review and report on management’s identification and management of all of the corporate’s significant and emerging enterprise risk. The ERM committee would act in an advisory capacity to the board of directors to ensure that the board obtains focused, comprehensive information on enterprise risk, and not just on the individual, specific risks addressed by the ALCO, credit, and supervisory committees. The ERM committee would address all of an enterprise’s risks—including financial, operational, strategic, compliance, and reputational risks—under one umbrella. The ERM committee would also conduct its analysis and present its views independent of the earnings pressure faced by the operational side of the corporate. The pressure to achieve certain earnings goals can, in some instances, cause the operators to overlook or downplay the risks associated with their endeavors. The ERM committee has no power to require action by the corporate or any part of the corporate, and thus does not overlap with management’s turf or the turf of any other committee. To clarify that the committee is only advisory, and has no prescriptive powers or authorities, the final rule replaces the word ‘‘oversight’’ with the word ‘‘review’’ as it applies to the ERM committee’s activities. One commenter stated that, if the rule was adopted, it ought to specify a charter for the ERM committee and the scope of its duties and delegated responsibilities. The Board believes that the board of directors of the corporate has the responsibility to specify the duties of the ERM committee consistent with the requirements of this rule. Accordingly, a specific charter is not E:\FR\FM\29APR1.SGM 29APR1 srobinson on DSKHWCL6B1PROD with RULES Federal Register / Vol. 76, No. 83 / Friday, April 29, 2011 / Rules and Regulations necessary. Another commenter stated that annual ERM reporting is insufficient, and that it should be done at least quarterly. The Board agrees and has modified the regulation accordingly. Some commenters addressed the ERM expert. One commenter thought that a single expert was insufficient, and that multiple experts with different expertise were necessary. Another commenter thought a ‘‘part-time’’ consultant was not a good idea, and that the rule should encourage the use of ‘‘in-house full-time risk management experts.’’ A few commenters asked for clarification of the independence concept, and two commenters did not see how the ERM expert could remain independent from the corporate once the expert was compensated by the corporate. In response to these comments, the NCUA Board notes that the proposal required that the ERM committee include ‘‘at least’’ one independent risk management expert. Each corporate has the authority to determine whether additional experts are necessary or desirable. The Board also believes that each corporate should be permitted to decide whether to employ the expert on a full- or part-time basis as part of the ERM committee or to engage the expert as a consultant, either part- or full-time, and has clarified this in the rule text. As for the independence requirement, the Board’s intent was to ensure the ERM expert is not influenced by the operational side of the corporate credit union. For clarity, the final rule provides that an ERM expert is independent if neither the expert, nor any immediate family member of the expert, is supervised by, or has any other material business or professional relationship with, the chief executive officer or anyone supervised, directly or indirectly, by the CEO. This is similar to the independence standard applicable to the members of the supervisory committee as provided under § 704.15(d). Also, the Board notes that the fact that the expert is compensated by the corporate does not undermine the independence of the expert any more than compensating the independent public accountant undermines the IPA’s independence. The Board is delaying the effective date of this ERM section for 24 months to give corporates time to put together an ERM policy, assemble an ERM committee, and locate and hire a qualified ERM expert. The final rule also renumbers this ERM section as § 704.21, instead of § 704.22 as proposed. Except as discussed above, the Board adopts the final ERM section as proposed. VerDate Mar<15>2010 16:27 Apr 28, 2011 Jkt 223001 Section 704.22 Membership Fees The proposal included a new section on membership fees permitting a corporate the option to charge its members a one-time or periodic membership fee as a mandatory requirement of membership. The purpose of the proposal was to give corporates another tool to build retained earnings. The proposal required the fee be uniform and proportional to the member’s asset size. The corporate could reduce the fee for members that have contributed capital to the corporate, but any reduction would have to be proportional to the amount of the member’s non-depleted contributed capital. The corporate would have to give members at least six months advance notice of any initial or new fees, or any material change to a recurring fee. A corporate could terminate the membership of any credit union that fails to pay the fee fully within 60 days of invoicing. Of the commenters who commented on this provision, slightly over half supported it, with the rest opposed to it. Several corporate credit unions commented on the proposal with most supporting it. Many commenters that supported the proposal recommended some changes to it, as discussed below. Some supportive commenters stated corporates should be allowed to determine the amount of the fee without the limits imposed in the proposed rule and in accordance with a formulation set by the corporate. Some of these commenters felt that adequate disclosure to the members should be the only requirement. The Board does not agree with these comments. The rule provides corporates the option of charging reasonable membership fees as a way to build retained earnings. The requirement that fees be calculated uniformly for all members and as a percentage of each member’s assets is a safeguard against the imposition of arbitrary and unreasonable fees and ensures fair treatment of all members, including smaller natural person credit unions. Furthermore, this fee provision does give corporates the flexibility to reduce fees for those members that are contributing more capital to the corporate. One commenter also recommended that the rule require any membership fees be approved by at least a majority vote of the corporate’s members. Again, the Board disagrees. Allowing members to vote on whether the corporate may charge such fees would undermine the corporate’s flexibility in employing fees as a tool to attain required retained earnings targets. PO 00000 Frm 00005 Fmt 4700 Sfmt 4700 23865 Also, the rule provides for adequate notice to members about upcoming fees so that the members can oppose the fee or obtain their services elsewhere. Some commenters stated that the required six-month notice provision for any new fees is too long, and should be shortened to something like 45 or 60 days. These commenters believe that this would permit corporates to more accurately estimate the need for and results from assessing the fee. Another commenter opined that six months notice is adequate for routine fees, but that for more significant fee charges the proposal does not allow time for forward planning by credit union members. The Board disagrees with these commenters. The Board believes that the required minimum six-month advance notice is reasonable for planning by both corporates and members. A notice period shorter than six months would not give members adequate time to look for alternative service providers should they find the fees too onerous. The commenter who said that six months notice is adequate for routine fees, but wanted a longer advance notice period for more significant charges did not define ‘‘routine fees’’ or ‘‘more significant charges.’’ The proposed rule sets only a minimum notice period; it does not keep a corporate from providing additional advance notice for particular fees. Those commenters who opposed permitting membership fees provided various reasons for their opposition. Some of these commenters felt such fees would put additional, unwarranted financial strain on NPCUs already required to contribute capital to corporates and make payments to the Temporary Corporate Credit Union Stabilization Fund. Many of these commenters thought the fee option would give corporates too much power over their NPCU members. The Board believes that the fee rule provides an acceptable balance between the corporates’ need for retained earnings and capital and the members’ need for services. Some commenters expressed concern about allowing a corporate to ‘‘expel’’ a member for not paying membership fees. One commenter felt the proposal appears to circumvent the expulsion process established in the FCU Act and that the process of expulsion should be defined with regard to capital and contract requirements. Several commenters stated that the proposal does not address whether an NPCU whose membership is terminated for E:\FR\FM\29APR1.SGM 29APR1 23866 Federal Register / Vol. 76, No. 83 / Friday, April 29, 2011 / Rules and Regulations failure to pay the fee will get its perpetual contributed capital back. The Board believes that some of these commenters are mischaracterizing the membership termination provision as an ‘‘expulsion’’ from membership. A corporate has the right to terminate membership of any member that does not comply with the minimum conditions of membership, such as maintaining the minimum share balance required under the bylaws. Such termination is not an expulsion. Likewise, failure to pay a legally imposed membership fee in a timely fashion under this new section subjects the member to potential membership termination. In addition, provisions for the return of membership capital are addressed elsewhere in part 704. The Board notes that the membership fees section numbering in the proposed (i.e., § 704.23) is changed to § 704.22 in the final rule. Also, paragraph (d) of the proposed § 704.23 stated that the corporate credit union may terminate the membership of any credit union that fails to pay the fee in full on a timely basis. The reference to credit union should have been to member since corporates may have certain entities in their fields of membership that are not credit unions, and the final rule corrects this reference. Except as discussed above, the Board adopts this membership fee provision as proposed. IV. Regulatory Procedures Regulatory Flexibility Act The Regulatory Flexibility Act requires NCUA to prepare an analysis to describe any significant economic impact any regulation may have on a substantial number of small entities (those under $10 million in assets). This final regulation applies only to corporate credit unions, all of which have assets well in excess of $10 million. Accordingly, the NCUA Board certifies that this final rule will not have a significant economic impact on a substantial number of small credit unions and, therefore, a regulatory flexibility analysis is not required. srobinson on DSKHWCL6B1PROD with RULES Paperwork Reduction Act The Paperwork Reduction Act of 1995 (PRA) applies to rulemakings in which an agency by rule creates a new paperwork burden on regulated entities or modifies an existing burden. 44 U.S.C. 3507(d). For purposes of the PRA, a paperwork burden may take the form of a reporting, recordkeeping, or disclosure requirement, each referred to as an information collection. NCUA identified and described several VerDate Mar<15>2010 16:27 Apr 28, 2011 Jkt 223001 information collection requirements in the proposed rule. As required by the PRA, NCUA submitted a copy of the proposed rule to the Office of Management and Budget (OMB) for its review and approval. Persons interested in submitting comments with respect to the information collection aspects of the proposed rule were invited to submit them to OMB (with a copy to NCUA) at the addresses noted in the preamble to the proposed rule. For several reasons, NCUA has modified the final estimated burden associated with the final rule. At the time the proposed rule was issued, there were 27 corporate credit unions, and there are now only 26 corporates. This reduction affects the burden estimates for some aspects of the information collection requirements, as discussed below. In addition, and as discussed more fully in the preamble to this final rule, the Board has determined to make several changes in the final rule, and some of those changes affect the burden estimates for some aspects of the information collection requirements. These changes are also discussed below. Finally, NCUA received one comment specifically addressed to the agency’s estimates of paperwork burden as set out in the preamble to the proposed rule concerning proposed § 704.15, Audit and reporting requirements. This comment is discussed below in the section addressing the burden represented by § 704.15(a)(2). The specific provisions of the final rule with hour-burden estimates different from the proposal follow. Section 704.13(c)(8)—Recorded Director Votes As proposed, this section required all 27 corporates to conduct all board of director votes by recorded vote and to record those votes in the minutes of the directors’ meetings. In the proposed rule, NCUA estimated that compliance with the requirement should take approximately 1 hour and that each corporate would hold 12 meetings per year. 27 corporates × 12 meetings = 324 meetings per year. 324 meetings × 1 hours = 324 hours. There are now 26 corporates, so the estimated burden is reduced. 26 corporates × 12 meetings = 312 meetings per year. 312 meetings × 1 hour = 312 hours. Accordingly, this change has the effect of decreasing the estimated burden by 12 hours. Section 704.21—Equitable Distribution of Corporate Credit Union Stabilization Fund Expenses The Board has determined not to adopt this proposal in the final rule. PO 00000 Frm 00006 Fmt 4700 Sfmt 4700 This eliminates the associated information collection requirements, which consisted of (i) an aggregate estimated 540 hours for the preparation of a list of non-FICU members of each corporate and providing the list to NCUA and (ii) an aggregate estimated 675 hours for conducting a special meeting of a corporate’s members to expel a member and notifying NCUA of the result of the vote. Accordingly, the elimination of this section has the effect of decreasing the estimated aggregate burden by 1,215 hours. Section 704.15(a)(2)—Management Report NCUA received one comment letter opposed to nearly every aspect of the audit and reporting requirements under proposed § 704.15. One of the comments concerned NCUA’s paperwork burden estimates. The commenter stated that the management report requirements in proposed § 704.15(a)(2) will substantially increase the cost of compliance, ‘‘far beyond what the NCUA reports in the Summary of Collection Burden of the regulation.’’ The commenter, however, failed to provide any specific information on what the increased burden hours or costs would be. There are two information collections in proposed § 704.15(a)(2), as described below: (1) As proposed, paragraphs (a)(2)(i) and (ii) of § 704.15 require all corporates to prepare an annual management report that contains a statement of management’s responsibilities for performing certain duties in the corporate. The report must also contain an assessment of the corporate’s compliance with certain laws and regulations. NCUA estimated that it should take a corporate approximately 4 hours to prepare its management report. 27 corporates × 4 hours = 108 hours. (2) As proposed, paragraph (a)(2)(iii) of § 704.15 required each corporate credit union with assets of $1 billion or more to include in its management report an assessment by management of the effectiveness of the corporate credit union’s internal control structure and procedures for financial reporting. There were 16 corporates with at least $1 billion in assets at the time the proposed rule was issued. NCUA estimated that it should take a corporate approximately 8 hours to prepare its assessment. 16 corporates × 8 hours = 128 hours. After considering the comment and based on additional information, the following factors affect the estimated burden hours associated with § 704.15(a)(2): E:\FR\FM\29APR1.SGM 29APR1 Federal Register / Vol. 76, No. 83 / Friday, April 29, 2011 / Rules and Regulations The Treasury and General Government Appropriations Act, 1999—Assessment of Federal Regulations and Policies on Families The NCUA has determined that this final rule will not affect family wellbeing within the meaning of section 654 of the Treasury and General Government Appropriations Act, 1999, Public Law 105–277, 112 Stat. 2681 (1998). Executive Order 13132 srobinson on DSKHWCL6B1PROD with RULES • The number of corporates has dropped from 27 to 26; • The final rule applies the assessment requirements of § 704.15(a)(2)(iii) to all corporates, regardless of asset size; and • NCUA estimates that the burden hours per corporate will be 25% greater than the burden estimated in the proposal. Accordingly, NCUA estimates that it should take a corporate about 5 hours to prepare its management report under paragraphs (a)(2)(i) and (ii) of § 704.15. 26 corporates × 5 hours = 130 hours. NCUA estimates that it should take a corporate about 10 hours to prepare its assessment under paragraph (a)(2)(iii) of § 704.15. 26 corporates × 10 hours = 260 hours. With the revisions described above, NCUA now estimates the total information collection burden represented by the final rule, calculated on an annual basis, as follows: • Recorded director votes: 26 corporates × 12 meetings × 1 hour = 312 hours. • Disclosure of dual employee compensation from corporate CUSOs: 5 CUSOs × 1 hour = 5 hours. • Management report: 26 corporates × 5 hours = 130 hours. • Assessment: 26 corporates × 10 hours = 260 hours. • Notice of engagement or change of accountants: 5 corporates × 2 hours = 10 hours. • Notification of late filing: 5 corporates × 1 hour = 5 hours. Total Burden Hours: 722 hours. NCUA has submitted these burden revisions to OMB. NCUA expects that OMB will review and approve the revisions, and approve NCUA’s submission, in the near future. Authority: 12 U.S.C. 1762, 1766(a), 1772a, 1781, 1789, and 1795e. Executive Order 13132 encourages independent regulatory agencies to consider the impact of their actions on state and local interests. In adherence to fundamental federalism principles, NCUA, an independent regulatory agency as defined in 44 U.S.C. 3502(5), voluntarily complies with the executive order. The final rule will not have substantial direct effects on the states, on the connection between the national government and the states, or on the distribution of power and responsibilities among the various levels of government. NCUA has determined that this final rule does not constitute a policy that has federalism implications for purposes of the executive order. ■ VerDate Mar<15>2010 16:27 Apr 28, 2011 Jkt 223001 Small Business Regulatory Enforcement Fairness Act The Small Business Regulatory Enforcement Fairness Act of 1996 (Pub. L. 104–121) provides generally for congressional review of agency rules. A reporting requirement is triggered in instances where NCUA issues a final rule as defined by section 551 of the Administrative Procedure Act. 5 U.S.C. 551. The Office of Management and Budget has determined that this rule is not a major rule for purposes of the Small Business Regulatory Enforcement Fairness Act of 1996. List of Subjects in 12 CFR Part 704 Credit unions, Corporate credit unions, Reporting and recordkeeping requirements. By the National Credit Union Administration Board on April 21, 2011. Mary F. Rupp, Secretary of the Board. For the reasons stated in the preamble, the National Credit Union Administration amends 12 CFR part 704 as set forth below: PART 704—CORPORATE CREDIT UNIONS 1. The authority citation for part 704 continues to read as follows: ■ 2. Effective January 1, 2012, add definitions of Critical accounting policies, Enterprise risk management, Examination of internal control, Financial statements, Financial statement audit, Generally accepted auditing standards, Independent public accountant, Internal control, Internal control framework, Internal control over financial reporting, and Supervisory committee to § 704.2 as follows: § 704.2 Definitions. * * * * * Critical accounting policies means those policies that are most important to the portrayal of a corporate credit union’s financial condition and results and that require management’s most difficult, subjective, or complex PO 00000 Frm 00007 Fmt 4700 Sfmt 4700 23867 judgments, often as a result of the need to make estimates about the effect of matters that are inherently uncertain. * * * * * Enterprise risk management means the process of addressing risk on an entity-wide basis. The purpose of this process is not to eliminate risk but, rather, to provide the knowledge the board of directors and management need to effectively measure, monitor, and control risk and to then plan appropriate strategies to achieve the entity’s business objectives with a reasonable amount of risk taking. * * * * * Examination of internal control means an engagement of an independent public accountant to report directly on internal control or on management’s assertions about internal control. An examination of internal control over financial reporting includes controls over the preparation of financial statements in accordance with accounting principles generally accepted in the United States of America (GAAP) and NCUA regulatory reporting requirements. * * * * * Financial statements means the presentation of a corporate credit union’s financial data, including accompanying notes, derived from accounting records of the credit union, and intended to disclose the credit union’s economic resources or obligations at a point in time, or the changes therein for a period of time, in conformity with GAAP. Each of the following is considered to be a financial statement: a balance sheet or statement of financial condition; statement of income or statement of operations; statement of undivided earnings; statement of cash flows; statement of changes in members’ equity; statement of revenue and expenses; and statement of cash receipts and disbursements. Financial statement audit means an audit of the financial statements of a corporate credit union performed in accordance with generally accepted auditing standards by an independent person who is licensed by the appropriate State or jurisdiction. The objective of a financial statement audit is to express an opinion as to whether those financial statements of the credit union present fairly, in all material respects, the financial position and the results of its operations and its cash flows in conformity with GAAP. * * * * * Generally accepted auditing standards (GAAS) means the standards approved and adopted by the American Institute of Certified Public Accountants E:\FR\FM\29APR1.SGM 29APR1 srobinson on DSKHWCL6B1PROD with RULES 23868 Federal Register / Vol. 76, No. 83 / Friday, April 29, 2011 / Rules and Regulations which apply when an independent, licensed certified public accountant audits private company financial statements in the United States of America. Auditing standards differ from auditing procedures in that procedures address acts to be performed, whereas standards measure the quality of the performance of those acts and the objectives to be achieved by use of the procedures undertaken. In addition, auditing standards address the auditor’s professional qualifications as well as the judgment exercised in performing the audit and in preparing the report of the audit. * * * * * Independent public accountant (IPA) means a person who is licensed by, or otherwise authorized by, the appropriate State or jurisdiction to practice public accounting. An IPA must be able to exercise fairness toward credit union officials, members, creditors and others who may rely upon the report of a supervisory committee audit and to demonstrate the impartiality necessary to produce dependable findings. As used in this part, IPA is synonymous with the terms ‘‘auditor’’ and ‘‘accountant.’’ The term IPA does not include a licensed person working in his or her capacity as an employee of an unlicensed entity and issuing an audit opinion in the unlicensed entity’s name, e.g., a licensed league auditor or licensed retired examiner working for a nonlicensed entity. * * * * * Internal control means the process, established by the corporate credit union’s board of directors, officers and employees, designed to provide reasonable assurance of reliable financial reporting and safeguarding of assets against unauthorized acquisition, use, or disposition. A credit union’s internal control structure generally consists of five components: Control environment; risk assessment; control activities; information and communication; and monitoring. Reliable financial reporting refers to preparation of Call Reports that meet management’s financial reporting objectives. Internal control over safeguarding of assets against unauthorized acquisition, use, or disposition refers to prevention or timely detection of transactions involving such unauthorized access, use, or disposition of assets which could result in a loss that is material to the financial statements. Internal control framework means criteria such as that established in Internal Control—Integrated VerDate Mar<15>2010 16:27 Apr 28, 2011 Jkt 223001 Framework, issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), or comparable, reasonable, and U.S.recognized criteria. Internal control over financial reporting means a process effected by those charged with governance, management, and other personnel, designed to provide reasonable assurance regarding the preparation of reliable financial statements in accordance with accounting principles generally accepted in the United States of America. A corporate credit union’s internal control over financial reporting includes those policies and procedures that: (1) Pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the entity; (2) Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with accounting principles generally accepted in the United States of America, and that receipts and expenditures of the entity are being made only in accordance with authorizations of management and those charged with governance; and (3) Provide reasonable assurance regarding prevention, or timely detection and correction, of unauthorized acquisition, use, or disposition of the entity’s assets that could have a material effect on the financial statements. * * * * * Supervisory committee means, for federally chartered corporate credit unions, the supervisory committee as defined in Section 111(b) of the Federal Credit Union Act, 12 U.S.C. 1761(b). For state chartered corporate credit unions, the term supervisory committee refers to the audit committee, or similar committee, designated by state statute or regulation. * * * * * ■ 3. Revise paragraphs (g)(5) and (g)(6), and add a new paragraph (g)(7), to § 704.11 to read as follows: § 704.11. Corporate Credit Union Service Organizations (Corporate CUSOs). * * * * * (g) * * * (5) Will allow the auditor, board of directors, and NCUA complete access to the CUSO’s personnel, facilities, equipment, books, records, and any other documentation that the auditor, directors, or NCUA deem pertinent; (6) Will inform the corporate, at least quarterly, of all the compensation paid PO 00000 Frm 00008 Fmt 4700 Sfmt 4700 by the CUSO to its employees who are also employees of the corporate credit union; and (7) Will comply with all the requirements of this section. * * * * * ■ 4. Revise paragraphs (c)(6) and (c)(7), and add a new paragraph (c)(8), in § 704.13 to read as follows: § 704.13 Board responsibilities. * * * * * (c) * * * (6) Financial performance is evaluated to ensure that the objectives of the corporate credit union and the responsibilities of management are met; (7) Planning addresses the retention of external consultants, as appropriate, to review the adequacy of technical, human, and financial resources dedicated to support major risk areas; and (8) For each item before the board, the meeting minutes list the names of directors and their votes, as well as the names of any directors who did not vote, except that if the minutes include a complete list of directors attending the meeting, the vote tally need only list the names of directors who voted against the item or who abstained. ■ 5. Effective January 1, 2012, revise § 704.15 to read as follows: § 704.15 Audit and reporting requirements. (a) Annual reporting requirements— (1) Audited financial statements. A corporate credit union must prepare annual financial statements in accordance with generally accepted accounting principles (GAAP), which must be audited by an independent public accountant in accordance with generally accepted auditing standards. The annual financial statements and regulatory reports must reflect all material correcting adjustments necessary to conform with GAAP that were identified by the corporate credit union’s independent public accountant. (2) Management report. Each corporate credit union must prepare, as of the end of the previous calendar year, an annual management report that contains the following: (i) A statement of management’s responsibilities for preparing the corporate credit union’s annual financial statements, for establishing and maintaining an adequate internal control structure and procedures for financial reporting, and for complying with laws and regulations relating to safety and soundness in the following areas: affiliate transactions, legal lending limits, loans to insiders, restrictions on capital and share E:\FR\FM\29APR1.SGM 29APR1 srobinson on DSKHWCL6B1PROD with RULES Federal Register / Vol. 76, No. 83 / Friday, April 29, 2011 / Rules and Regulations dividends, and regulatory reporting that meets full and fair disclosure; (ii) An assessment by management of the corporate credit union’s compliance with such laws and regulations during the past calendar year. The assessment must state management’s conclusion as to whether the corporate credit union has complied with the designated safety and soundness laws and regulations during the calendar year and disclose any noncompliance with the laws and regulations; and (iii) Beginning on and after January 1, 2013, an assessment by management of the effectiveness of the corporate credit union’s internal control structure and procedures as of the end of the past calendar year that must include the following: (A) A statement identifying the internal control framework used by management to evaluate the effectiveness of the corporate credit union’s internal control over financial reporting; (B) A statement that the assessment included controls over the preparation of regulatory financial statements in accordance with regulatory reporting instructions including identification of such regulatory reporting instructions; and (C) A statement expressing management’s conclusion as to whether the corporate credit union’s internal control over financial reporting is effective as of the end of the previous calendar year. Management must disclose all material weaknesses in internal control over financial reporting, if any, that it has identified that have not been remediated prior to the calendar year-end. Management may not conclude that the corporate credit union’s internal control over financial reporting is effective if there are one or more material weaknesses. (3) Management report signatures. The chief executive officer and either the chief accounting officer or chief financial officer of the corporate credit union must sign the management report. (b) Independent public accountant— (1) Annual audit of financial statements. Each corporate credit union must engage an independent public accountant to audit and report on its annual financial statements in accordance with generally accepted auditing standards. The scope of the audit engagement must be sufficient to permit such accountant to determine and report whether the financial statements are presented fairly and in accordance with GAAP. A corporate credit union must provide its independent public accountant with a copy of its most recent Call Report and VerDate Mar<15>2010 16:27 Apr 28, 2011 Jkt 223001 NCUA examination report. It must also provide its independent public accountant with copies of any notice that its capital category is being changed or reclassified and any correspondence from NCUA regarding compliance with this section. (2) Internal control over financial reporting. Beginning on and after January 1, 2014, the independent public accountant who audits the corporate credit union’s financial statements must examine, attest to, and report separately on the assertion of management concerning the effectiveness of the corporate credit union’s internal control structure and procedures for financial reporting. The attestation and report must be made in accordance with generally accepted standards for attestation engagements. The accountant’s report must not be dated prior to the date of the management report and management’s assessment of the effectiveness of internal control over financial reporting. Notwithstanding the requirements set forth in applicable professional standards, the accountant’s report must include the following: (i) A statement identifying the internal control framework used by the independent public accountant, which must be the same as the internal control framework used by management, to evaluate the effectiveness of the corporate credit union’s internal control over financial reporting; (ii) A statement that the independent public accountant’s evaluation included controls over the preparation of regulatory financial statements in accordance with regulatory reporting instructions including identification of such regulatory reporting instructions; and (iii) A statement expressing the independent public accountant’s conclusion as to whether the corporate credit union’s internal control over financial reporting is effective as of the end of the previous calendar year. The report must disclose all material weaknesses in internal control over financial reporting that the independent public accountant has identified that have not been remediated prior to the calendar year-end. The independent public accountant may not conclude that the corporate credit union’s internal control over financial reporting is effective if there are one or more material weaknesses. (3) Notice by accountant of termination of services. An independent public accountant performing an audit under this part who ceases to be the accountant for a corporate credit union must notify NCUA in writing of such termination within 15 days after the PO 00000 Frm 00009 Fmt 4700 Sfmt 4700 23869 occurrence of such event and set forth in reasonable detail the reasons for such termination. (4) Communications with supervisory committee. In addition to the requirements for communications with audit committees set forth in applicable professional standards, the independent public accountant must report the following on a timely basis to the supervisory committee: (i) All critical accounting policies and practices to be used by the corporate credit union; (ii) All alternative accounting treatments within GAAP for policies and practices related to material items that the independent public accountant has discussed with management, including the ramifications of the use of such alternative disclosures and treatments, and the treatment preferred by the independent public accountant; and (iii) Other written communications the independent public accountant has provided to management, such as a management letter or schedule of unadjusted differences. (5) Retention of working papers. The independent public accountant must retain the working papers related to the audit of the corporate credit union’s financial statements and, if applicable, the evaluation of the corporate credit union’s internal control over financial reporting for seven years from the report release date, unless a longer period of time is required by law. (6) Independence. The independent public accountant must comply with the independence standards and interpretations of the American Institute of Certified Public Accountants (AICPA). (7) Peer reviews and inspection reports. (i) Prior to commencing any services for a corporate credit union under this section, the independent public accountant must have received a peer review, or be enrolled in a peer review program, that meets acceptable guidelines. Acceptable peer reviews include peer reviews performed in accordance with the AICPA’s Peer Review Standards and inspections conducted by the Public Company Accounting Oversight Board (PCAOB). (ii) Within 15 days of receiving notification that the AICPA has accepted a peer review or the PCAOB has issued an inspection report, or before commencing any audit under this section, whichever is earlier, the independent public accountant must file a copy of the most recent peer review report and the public portion of the most recent PCAOB inspection report, if any, accompanied by any E:\FR\FM\29APR1.SGM 29APR1 srobinson on DSKHWCL6B1PROD with RULES 23870 Federal Register / Vol. 76, No. 83 / Friday, April 29, 2011 / Rules and Regulations letters of comments, response, and acceptance, with NCUA if the report has not already been filed. (iii) Within 15 days of the PCAOB making public a previously nonpublic portion of an inspection report, the independent public accountant must file a copy of the previously nonpublic portion of the inspection report with NCUA. (c) Filing and notice requirements— (1) Annual Report. Each corporate credit union must, no later than 180 days after the end of the calendar year, file an Annual Report with NCUA consisting of the following documents: (i) The audited comparative annual financial statements; (ii) The independent public accountant’s report on the audited financial statements; (iii) The management report; and (iv) The independent public accountant’s attestation report on management’s assessment concerning the corporate credit union’s internal control structure and procedures for financial reporting. (2) Public availability. The annual report in paragraph (c)(1) of this section will be made available by NCUA for public inspection. (3) Independent public accountant’s letters and reports. Each corporate credit union must file with NCUA a copy of any management letter or other report issued by its independent public accountant with respect to such corporate credit union and the services provided by such accountant pursuant to this part (except for the independent public accountant’s reports that are included in the Annual Report) within 15 days after receipt by the corporate credit union. Such reports include, but are not limited to: (i) Any written communication regarding matters that are required to be communicated to the supervisory committee (for example, critical accounting policies, alternative accounting treatments discussed with management, and any schedule of unadjusted differences); and (ii) Any written communication of significant deficiencies and material weaknesses in internal control required by the AICPA’s auditing standards. (4) Notice of engagement or change of accountants. Each corporate credit union that engages an independent public accountant, or that loses an independent public accountant through dismissal or resignation, must notify NCUA within 15 days after the engagement, dismissal, or resignation. The corporate credit union must include with the notice a reasonably detailed statement of the reasons for any VerDate Mar<15>2010 16:27 Apr 28, 2011 Jkt 223001 dismissal or resignation. The corporate credit union must also provide a copy of the notice to the independent public accountant at the same time the notice is filed with NCUA. (5) Notification of late filing. A corporate credit union that is unable to timely file any part of its Annual Report or any other report or notice required by this paragraph (c) must submit a written notice of late filing to NCUA. The notice must disclose the corporate credit union’s inability to timely file all or specified portions of its Annual Report or other report or notice and the reasons therefore in reasonable detail. The late filing notice must also state the date by which the report or notice will be filed. The written notice must be filed with NCUA before the deadline for filing the Annual Report or any other report or notice, as appropriate. NCUA may take appropriate enforcement action for failure to timely file any report, or notice of late filing, required by this section. (6) Report to Members. A corporate credit union must submit a preliminary Annual Report to the membership at the next calendar year’s annual meeting. (d) Supervisory committee.—(1) Composition. Each corporate credit union must establish a supervisory committee, all of whose members must independent. A committee member is independent if: (i) Neither the committee member, nor any immediate family member of the committee member, is supervised by, or has any material business or professional relationship with, the chief executive officer (CEO) of the corporate credit union, or anyone directly or indirectly supervised by the CEO, and (ii) Neither the committee member, nor any immediate family member of the committee member, has had any of the relationships described in paragraph (d)(1)(i) for at least the past three years. (2) Duties. In addition to any duties specified under the corporate credit union’s bylaws and these regulations, the duties of the credit union’s supervisory committee include the appointment, compensation, and oversight of the independent public accountant who performs services required under this section and reviewing with management and the independent public accountant the basis for all the reports prepared and issued under this section. The supervisory committee must submit the audited comparative annual financial statements and the independent public accountant’s report on those statements to the corporate credit union’s board of directors. PO 00000 Frm 00010 Fmt 4700 Sfmt 4700 (3) Independent public accountant engagement letters. (i) In performing its duties with respect to the appointment of the corporate credit union’s independent public accountant, the supervisory committee must ensure that engagement letters and/or any related agreements with the independent public accountant for services to be performed under this section: (A) Obligate the independent public accountant to comply with the requirements of paragraph (b) of this section (including, but not limited to, the notice of termination of services, communications with the supervisory committee, and notifications of peer reviews and inspection reports); and (B) Do not contain any limitation of liability provisions that: (1) Indemnify the independent public accountant against claims made by third parties; (2) Hold harmless or release the independent public accountant from liability for claims or potential claims that might be asserted by the client corporate credit union, other than claims for punitive damages; or (3) Limit the remedies available to the client corporate credit union. (ii) Engagement letters may include alternative dispute resolution agreements and jury trial waiver provisions provided that the letters do not incorporate any limitation of liability provisions set forth in paragraph (d)(3)(i)(B) of this section. (4) Outside counsel. The supervisory committee of any corporate credit union must, when deemed necessary by the committee, have access to its own outside counsel. (e) Internal audit. A corporate credit union with average daily assets in excess of $400 million for the preceding calendar year, or as ordered by NCUA, must employ or contract, on a full- or part-time basis, the services of an internal auditor. The internal auditor’s responsibilities will, at a minimum, comply with the Standards and Professional Practices of Internal Auditing, as established by the Institute of Internal Auditors. The internal auditor will report directly to the chair of the corporate credit union’s supervisory committee, who may delegate supervision of the internal auditor’s daily activities to the chief executive officer of the corporate credit union. The internal auditor’s reports, findings, and recommendations will be in writing and presented to the supervisory committee no less than quarterly, and will be provided upon request to the IPA and NCUA. E:\FR\FM\29APR1.SGM 29APR1 Federal Register / Vol. 76, No. 83 / Friday, April 29, 2011 / Rules and Regulations 6. Revise the introductory text of paragraph (a) of § 704.19 to read as follows: ■ 8. Add a new § 704.22 to read as follows: § 704.19 Disclosure of executive and director compensation. (a) A corporate credit union may charge its members a membership fee. The fee may be one-time or periodic. (b) The corporate credit union must calculate the fee uniformly for all members as a percentage of each member’s assets, except that the corporate credit union may reduce the amount of the fee for members that have contributed capital to the corporate. Any reduction must be proportional to the amount of the member’s nondepleted contributed capital. (c) The corporate credit union must give its members at least six months advance notice of any initial or new fee, including terms and conditions, before invoicing the fee. For a recurring fee, the corporate credit union must also give six months notice of any material change to the terms and conditions of the fee. (d) The corporate credit union may terminate the membership of any credit union that fails to pay the fee in full within 60 days of the invoice date. ■ § 704.22 (a) Annual disclosure. A corporate credit union must annually prepare and maintain a disclosure of the dollar amount of compensation paid to its most highly compensated employees, including compensation from any corporate CUSO in which the corporate has invested or made a loan, in accordance with the following schedule: * * * * * ■ 7. Effective April 29, 2013, add a new § 704.21 to read as follows: srobinson on DSKHWCL6B1PROD with RULES § 704.21 Enterprise risk management. (a) A corporate credit union must develop and follow an enterprise risk management policy. (b) The board of directors of a corporate credit union must establish an enterprise risk management committee (ERMC) responsible for reviewing the enterprise-wide risk management practices of the corporate credit union. The ERMC must report at least quarterly to the board of directors. (c) The ERMC must include at least one independent risk management expert. The risk management expert will have post-graduate education; an actuarial, accounting, economics, financial, or legal background; and at least five years experience in identifying, assessing, and managing risk exposures. The risk management expert’s experience must also be commensurate with the size of the corporate credit union and the complexity of its operations. The board of directors may hire the independent risk management expert to work fulltime or part-time for the ERMC or as a consultant for the ERMC. (d) A risk management expert qualifies as independent if: (1) The expert reports to the ERMC and to the corporate credit union’s board of directors; (2) Neither the expert, nor any immediate family member of the expert, is supervised by, or has any material business or professional relationship with, the chief executive officer (CEO) of the corporate credit union, or anyone directly or indirectly supervised by the CEO; and (3) Neither the expert, nor any immediate family member of the expert, has had any of the relationships described in paragraph (d)(2) of this section for at least the past three years. (e) The risk management expert is not required to be a director of the corporate credit union. VerDate Mar<15>2010 16:27 Apr 28, 2011 Jkt 223001 Membership fees. [FR Doc. 2011–10108 Filed 4–28–11; 8:45 am] BILLING CODE 7535–01–P NATIONAL CREDIT UNION ADMINISTRATION 12 CFR Chapter VII [IRPS 11–1] Guidelines for the Supervisory Review Committee National Credit Union Administration (NCUA). ACTION: Final Interpretative Ruling and Policy Statement 11–1, ‘‘Supervisory Review Committee’’ (IRPS 11–1). AGENCY: This policy statement combines two Interpretative Ruling and Policy Statements (IRPSs) and adds denials of technical assistance grant (TAG) reimbursements to the types of determinations that credit unions may appeal to NCUA’s Supervisory Review Committee. This new IRPS will replace the earlier IRPSs addressing the Supervisory Review Committee. DATES: This IRPS was previously issued as an interim final IRPS, which became effective on January 20, 2011. FOR FURTHER INFORMATION CONTACT: Dave Marquis, Executive Director or Justin M. Anderson, Staff Attorney, Office of General Counsel, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314–3428, or telephone: (703) 518– SUMMARY: PO 00000 Frm 00011 Fmt 4700 Sfmt 4700 23871 6320 (Dave Marquis) or (703) 518–6540 (Justin Anderson). SUPPLEMENTARY INFORMATION: A. Background Pursuant to Section 309(a) of the Riegle Community Development and Regulatory Improvement Act of 1994 (Riegle Act), Public Law 103–325, § 309(a), 108 Stat. 2160 (1994), the NCUA Board (Board) adopted guidelines that established an independent appellate process to review material supervisory determinations, entitled ‘‘Supervisory Review Committee’’ (IRPS 95–1). 60 FR 14795 (March 20, 1995). Through IRPS 95–1, NCUA established a Supervisory Review Committee (Committee) consisting of three senior staff members to hear appeals of material supervisory determinations. IRPS 95–1 defined material supervisory determinations to include determinations on composite CAMEL ratings of 3, 4 and 5, all component ratings of those composite ratings, significant loan classifications and adequacy of loan loss reserves. The Board noted in the preamble to IRPS 95–1, however, that it would consider expanding the disputes covered by the Committee’s review process at a later date. 60 FR 14795, 14796 (March 20, 1995). In 2002, the Board amended IRPS 95–1 by issuing IRPS 02–1, which added Regulatory Flexibility designation revocations to the list of material supervisory determinations credit unions may appeal to the Committee. B. Interim Final IRPS At its January meeting, the NCUA Board issued interim final IRPS 11–1. 76 FR 3674 (January 20, 2011). As noted in the preamble to the interim final IRPS, under Part 705 of NCUA’s regulations, qualifying credit unions can apply for loans or technical assistance grants (TAGs) from the Community Development Revolving Loan Fund for Credit Unions (CDRLF). The change made in the interim final IRPS allows a credit union to appeal the denial of a TAG reimbursement to the Committee. Specifically, under the interim final IRPS, any credit union that disagrees with the Director of OSCUI’s determination may, within 30 days from the date of the denial, appeal the determination to the Committee. Committee decisions on TAG appeals are final; they are not appealable to the NCUA Board. Interim final IRPS 11–1 also combined the two previous IRPSs addressing the Committee, IRPS 95–1 and 02–1, into one centralized document. The Board noted in the preamble that interim final IRPS 11–1 E:\FR\FM\29APR1.SGM 29APR1

Agencies

[Federal Register Volume 76, Number 83 (Friday, April 29, 2011)]
[Rules and Regulations]
[Pages 23861-23871]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2011-10108]


=======================================================================
-----------------------------------------------------------------------

NATIONAL CREDIT UNION ADMINISTRATION

12 CFR Part 704

RIN 3133-AD74


Corporate Credit Unions

AGENCY: National Credit Union Administration (NCUA).

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: NCUA is issuing final amendments to its rule governing 
corporate credit unions (corporates). The amendments include internal 
control and reporting requirements for corporates similar to those 
required for banks under the Federal Deposit Insurance Act and the 
Sarbanes-Oxley Act. The amendments require each corporate to establish 
an enterprise-wide risk management committee staffed with at least one 
risk management expert. The amendments require corporates conduct all 
board of director votes as recorded votes and include the votes of 
individual directors in the meeting minutes. The amendments permit 
corporates to charge their members reasonable one-time or periodic 
membership fees as necessary to facilitate retained earnings growth. 
For senior corporate executives who are dual employees of corporate 
credit union service organizations (CUSOs), the amendments also require 
disclosure of certain compensation received from the corporate CUSO.

DATES: This rule is effective May 31, 2011, except that the amendments 
to Sec. Sec.  704.2 and 704.15 are effective January 1, 2012, and the 
addition of Sec.  704.21 is effective April 29, 2013.

FOR FURTHER INFORMATION CONTACT: Jacqueline Lussier, Staff Attorney, 
Office of General Counsel; Elizabeth Wirick, Staff Attorney, Office of 
General Counsel; and Lisa Henderson, Staff Attorney, Office of General 
Counsel, all at telephone (703) 518-6540), National Credit Union 
Administration, 1775 Duke Street, Alexandria, VA 22314; or David 
Shetler, Deputy Director, Office of Corporate Credit Unions, at the 
address above or telephone (703) 518-6640.

SUPPLEMENTARY INFORMATION: 

I. Background

    In September 2010, the NCUA Board made substantial revisions to 
part 704 (with conforming amendments to parts 702, 703, 709, and 747). 
75 FR 64786 (Oct. 20, 2010) (September Rulemaking). These amendments 
established a new capital scheme, including risk-based capital 
requirements; imposed new prompt corrective action requirements; placed 
various new limits on corporate investments; imposed new asset-
liability management controls; amended some corporate governance 
provisions; and limited a corporate CUSO to categories of activities 
preapproved by NCUA.
    The preamble to the September Rulemaking also stated that shortly 
after its promulgation the Board intended to issue another proposal 
that would further amend part 704 and related provisions. Id. at 64824. 
In November 2010, the Board issued the promised follow-on proposal with 
further revisions to the corporate rule. 75 FR 73000 (Nov. 29, 2010). 
The seven amendments proposed in November would have:
     Provided for the sharing of Temporary Corporate Credit 
Union Stabilization Fund (TCCUSF) expenses among all members of 
corporate credit unions, including both credit union and noncredit 
union members;
     Limited natural person credit unions (NPCUs) to membership 
in one corporate of the NPCU's choice at any one time;
     Required corporates conduct all board of director votes as 
recorded votes and include the votes of individual directors in the 
meeting minutes;
     Incorporated certain audit, reporting, and audit committee 
practices from the Federal Deposit Insurance Act (FDI Act), Part 363 of 
the Federal Deposit Insurance Corporation (FDIC) Regulations, and the 
Sarbanes-Oxley Act of 2002;
     Required corporates to establish enterprise-wide risk 
management committees staffed with at least one independent risk 
management expert;
     Allowed corporates to charge their members reasonable one-
time or periodic membership fees; and

[[Page 23862]]

     Required the disclosure of compensation received from a 
corporate CUSO by certain highly compensated corporate credit union 
executives.
    The initial public comment period on the November proposals was 30 
days, but the Board extended the comment period to 60 days. 75 FR 75648 
(Dec. 6, 2010). During the comment period, which closed on January 28, 
2011, NCUA received 227 comments from a wide variety of sources.

II. Overview of the Final Amendments

    After considering the comments received on the November proposal, 
the Board determined not to proceed with the first two proposals listed 
above relating to the sharing of TCCUSF expenses and the limitation on 
corporate credit union membership. This final rule does include the 
other five November proposals. As discussed in detail below, the Board 
adopted the membership fee and CUSO compensation disclosure amendments 
exactly as proposed. In response to the comments, however, the Board 
adopted the final three proposals (i.e., relating to internal controls, 
enterprise risk management, and recording director votes) with some 
changes from the proposed versions. Additionally, some of the 
provisions relating to internal controls and enterprise risk management 
have delayed effective dates.

III. Section-by-Section Analysis of the Final Amendments

Section 704.2 Definitions

    The proposal included a number of new definitions in Sec.  704.2, 
generally relating to terms used in the proposed internal control and 
reporting amendments to Sec.  704.15. The newly defined terms included: 
Critical accounting policies, Enterprise risk management, Examination 
of internal control, Family, Financial statements, Financial statement 
audit, Generally accepted auditing standards, Independent public 
accountant, Internal control, Internal control framework, Internal 
control over financial reporting, and Supervisory committee.
    Although the proposed rule contained a definition for Family, that 
definition has been dropped from this final rule as the Board has 
determined that the existing part 704 definition of Immediate family 
member is sufficient. This final rule also modifies the proposed 
definition of Independent public accountant (IPA) slightly to ensure 
that if a state permits accountants licensed out-of-state to practice 
accounting in-state, those accountants will be considered to fall 
within the IPA definition.
    The effective date of these new definitions is delayed to January 
1, 2012, to correspond to the earliest effective date of the internal 
control and reporting amendments in Sec.  704.15.
    Except as described above, the proposed Sec.  704.2 definitions are 
adopted as proposed.

Section 704.11 Corporate Credit Union Service Organizations; and Sec.  
704.19 Disclosure of Executive and Director Compensation

    The proposal included amendments to Sec. Sec.  704.11 and 704.19 to 
ensure that the required disclosures of compensation paid to certain 
corporate employees under Sec.  704.19 also capture compensation paid 
to these employees by any corporate CUSO in which the corporate credit 
union has invested or made a loan. The proposed revisions to Sec.  
704.19(a) clarified that a corporate credit union's annual disclosures 
of compensation paid to its most highly compensated employees must 
include any compensation from a CUSO in which the corporate has 
invested. To facilitate an accurate disclosure, the proposal also 
required the CUSO agree to provide this information about dual employee 
compensation to the corporate. This agreement would be embedded in the 
general agreement between the corporate and the CUSO discussed in Sec.  
704.11(g).
    A slight majority of commenters opposed this proposed CUSO 
compensation disclosure requirement, and the most frequent reason given 
was a concern that this disclosure could lead to ``piercing the 
corporate veil'' between the corporate and the CUSO. The NCUA Board 
disagrees that disclosure of the compensation of dually-compensated 
employees, by itself or in connection with other factors, is likely to 
shift a CUSO's legal liability to a corporate.
    Some commenters also worried NCUA might eventually impose these 
disclosure requirements on natural person credit unions and their CUSOs 
as well. At this time, the Board has no such intent. The Board does 
believe, however, that the members of corporate credit unions need this 
transparency with regard to corporate executive pay.
    Other commenters opined that NCUA has no authority to regulate 
CUSOs. The Board agrees that it cannot regulate CUSOs directly, but it 
can, for safety and soundness reasons, regulate the types of 
investments that credit unions make and whether credit unions should 
invest in CUSOs. If a corporate wishes to invest in, or loan to, an 
entity, that entity will likely meet the definition of a corporate 
CUSO, and the CUSO must conform to NCUA's requirements if it wishes to 
retain that corporate investment. Another objector termed the proposal 
unnecessary because the information is required on, and can be obtained 
from, IRS Form 990. This objector is incorrect. For example, federally 
chartered credit unions do not file Form 990s, and, typically, the 
information contained on a completed Form 990 is not coextensive with 
the information required to be disclosed to members under this rule.
    One commenter who generally supported the proposal requested that 
disclosure be limited to the member/owners of the corporate and that 
the disclosure not be made to the general public. The Board notes that 
Sec.  704.19 does not require public disclosure, but only disclosure to 
members. 12 CFR 704.19(b). The corporate can make this member 
disclosure in a nonpublic manner if it desires.
    Accordingly, the Board adopts the proposed revisions to Sec. Sec.  
704.11 and 704.19 without change.

Section 704.13 Board Responsibilities

    The proposal would have amended Sec.  704.13 to require corporates 
to conduct all board of director votes as recorded votes and to include 
the votes of individual directors in the meeting minutes, with the goal 
of increasing the transparency of the corporate credit union decision-
making process. In the final rule, the Board has modified this proposal 
to require recording only ``no'' votes and abstentions on a particular 
item where the affirmative votes can otherwise be determined as the 
remaining directors in attendance.
    Many commenters who opposed the proposal were concerned that 
requiring recorded votes would create divisiveness within the board or 
could lead to individuals being singled out for litigation or 
enforcement action. Some commenters also stated that the proposal would 
discourage individuals from serving on corporate boards. A few 
commenters also expressed concerns that NCUA would also eventually 
impose the same requirement on NPCUs. Other commenters opined that the 
proposal exceeded NCUA's authority generally, arguing that only states 
could impose such requirements on state-chartered corporates. Another 
commenter stated this requirement was a matter for the bylaws, not a 
regulation.
    The Board disagrees with these commenters. Recent events in the 
corporate system illustrate the dangers resulting from the insular and 
non-transparent decision-making that occurred at some corporate credit

[[Page 23863]]

unions. As corporates continue their efforts to reorganize and recover 
from the crisis, it is essential that the members of corporate credit 
unions are able to see how their directors vote on matters that affect 
the members. While the Board acknowledges the possibility that this 
transparency requirement could create dissension among board members, 
the Board believes that the benefits of openness and transparency far 
outweigh any discomfort individual board members may face from recorded 
votes. Further, as discussed in the preamble to the proposed rule, NCUA 
has broad authority to require federally-insured credit unions, 
including corporate credit unions, to prepare and submit financial 
information and other information as the Board requires. 12 U.S.C. 
1761, 1766, 1781, 1782(a)(2), and 1789. Because of the importance of 
transparency in corporate credit union board decisions, and the effect 
those decisions can have on the safety and soundness of the entire 
credit union system, the Board believes this provision is appropriately 
placed in a regulation rather than relying on each corporate to adopt a 
conforming bylaw.
    A few commenters also asserted that the proposed recorded vote 
requirement would conflict with provisions of Roberts' Rules of Order 
that provide for the chair to vote only in case of a tie, or with 
provisions of state law and the Revised Model Business Corporation Act 
that presume all directors assent to an action unless dissent is 
documented. Several commenters suggested recording ``no'' votes and 
abstentions would suffice, especially if the meeting minutes list the 
directors present. After considering these comments, the Board has 
modified the proposal to require recording only ``no'' votes and 
abstentions on all board votes, as long as the names of directors 
attending the meeting are recorded elsewhere in the minutes.
    Except as noted above, the Board adopts the revisions to Sec.  
704.13 as proposed.

Section 704.15 Audit and Reporting Requirements

    NCUA currently requires that a corporate credit union's board of 
directors ensure the preparation of timely and accurate balance sheets, 
income statements, and internal risk assessments and that systems are 
audited periodically in accordance with industry standards. 12 CFR 
704.4(c). In addition, a corporate credit union's supervisory committee 
must ensure that: (1) An external audit is performed annually in 
accordance with generally accepted auditing standards; and (2) the 
audit report is submitted to the board of directors, to NCUA, and in a 
summary version, to the members. 12 CFR 704.15(a).
    To facilitate early identification of problems in financial 
management at corporate credit unions, the NCUA Board proposed to amend 
Sec.  704.15 to add certain additional auditing, reporting, and 
supervisory committee requirements. These proposals were very similar 
to those required of banks by the FDIC. 12 CFR part 363. The most 
significant proposed revisions would have required a corporate to:
     Ensure that its financial reports reflect all material 
correcting adjustments necessary to conform with generally accepted 
accounting principles (GAAP) as identified by the corporate's IPA.
     Prepare an annual management report, signed by the chief 
executive officer and the chief accounting officer or chief financial 
officer, that contains: (1) A statement of management's responsibility 
for preparing financial statements, for establishing and maintaining an 
adequate internal control structure, and for complying with safety and 
soundness laws and regulations; (2) an assessment of the corporate's 
compliance with such laws and regulations; and (3) for a corporate with 
assets of at least $1 billion, an assessment of the effectiveness of 
the internal control structure.
     Ensure that its IPA: (1) Reports to the supervisory 
committee all critical accounting policies; (2) retains the working 
papers related to an audit for seven years; (3) complies with the 
independence standards and interpretations of the American Institute of 
Certified Public Accountants (AICPA); (4) has an acceptable peer 
review; (5) notifies NCUA if the IPA ceases being a corporate's 
independent accountant; and (6) for a corporate with assets of at least 
$1 billion, reports separately to the supervisory committee on 
management's assertions concerning the effectiveness of the corporate's 
internal control structure.
     Ensure that it: (1) Files a copy of its annual report to 
NCUA within 180 days after the end of the calendar year, which NCUA 
will make available for public inspection; (2) provides NCUA with a 
copy of any letter or report issued by its IPA; (3) informs NCUA when 
it engages an IPA or loses an IPA through dismissal or resignation; (4) 
provides a notice to NCUA of late filing of the annual report; and (5) 
submits a summary of its annual report to the membership.
     Ensure that its supervisory committee (1) consists of 
members who are independent of the corporate (defined as having no 
family relationships or material business or professional relationships 
with the corporate); (2) supervises the IPA; and (3) ensures that audit 
engagement letters do not contain unsafe and unsound limitation of 
liability provisions.
    The public commenters that addressed the proposed revisions to 
Sec.  704.15 generally did so without discussing the specific 
revisions. That is, those in favor of the proposal simply stated that 
it was a good idea. Likewise, those opposed maintained generally that 
the proposed revisions to Sec.  704.15 were too burdensome. A few 
commenters said that if any of the provisions were adopted, they should 
apply to all corporates regardless of size.
    The NCUA Board believes that the proposed amendments are important 
to ensure the accurate and reliable measurement of a corporate credit 
union's assets and earnings, which has a direct bearing on the 
determination of regulatory capital. The Board believes that the 
amendments will help identify weaknesses in internal control over 
financial reporting and risk management at corporate credit unions and 
reinforce corrective measures, thus complementing supervisory efforts 
in contributing to the safety and soundness of corporate credit unions. 
Accordingly, the Board is adopting the provisions as proposed, except 
as discussed below. The Board is mindful, however, that corporates are 
still adjusting to the major part 704 revisions in the September 
Rulemaking, and that imposing these new auditing and reporting 
requirements on corporate credit unions immediately could be confusing 
and overly burdensome. Accordingly, the Board is delaying the effective 
date of all the Sec.  704.15 revisions until at least January 1, 2012, 
and as discussed below, delaying some of the revisions into 2013 and 
2014.
    Proposed paragraph 704.15(a)(2) required corporate credit union 
management to prepare an annual report containing certain enumerated 
elements. Several elements--including a statement of management's 
responsibility for establishing and maintaining an adequate internal 
control structure and procedures for financial reporting--applied to 
all corporates. However, proposed paragraph 704.15(a)(2)(iii), which 
required that management assess the effectiveness of the internal 
control structure and procedures for financial reporting, would have 
applied only to corporate credit unions with at least $1 billion in 
assets. Similarly, proposed paragraph 704.15(b)(2), which required

[[Page 23864]]

that corporates have the IPA attest to management's assertions 
concerning the effectiveness of the corporate's internal control 
structure and procedures for financial reporting, also applied only to 
corporates with at least $1 billion in assets.
    Some commenters stated that all the internal control requirements 
in Sec.  704.15 should apply to all corporates. After careful 
consideration, the Board agrees and has determined to remove the $1 
billion asset threshold for these two provisions. All corporates 
present systemic risk and therefore should be subject to strong 
internal control reviews and attestations. To mitigate the compliance 
burden of these requirements, however, the Board has determined to 
delay the effective date of these provisions past 2012. The management 
assessment requirement in paragraph (a)(2)(iii) will take effect on 
January 1, 2013, so that only management reports prepared in 2013 (for 
the calendar year 2012) and for later calendar years must contain 
management's assessment of the effectiveness of the internal control 
structure and procedures. In addition, the IPA assessment requirement 
in paragraph (b)(2) will take effect on January 1, 2014 for management 
reports prepared for the calendar year 2013 and thereafter.
    Proposed paragraph 704.15(d)(1) addressed the composition of a 
corporate credit union's supervisory committee, stating that its 
members may not be employees of the corporate credit union and must be 
independent of the corporate credit union. A few commenters found this 
provision confusing, and the Board has clarified it. The final 
paragraph (d)(1) states that supervisory committee members must be 
independent of the operational side of the corporate, that is, the part 
of the credit union that is supervised, directly or indirectly, by the 
corporate's Chief Executive Officer.
    Except as discussed above, the Board adopts Sec.  704.15 as 
proposed.

Section 704.21 Enterprise Risk Management

    The proposal included a new section on Enterprise Risk Management 
(ERM) requiring all corporate credit unions to develop and follow an 
ERM policy. The proposal required the board of directors establish an 
ERM committee responsible for overseeing the corporate's risk 
management practices and for reporting at least annually to the board 
of directors. The committee would include at least one independent risk 
management expert with sufficient experience in identifying, assessing, 
and managing risk exposures.
    The proposal defined independent to mean that the expert does not, 
going back three years, have any family relationships or any material 
business or professional relationships with the corporate that would 
affect his or her independence as a committee member. The risk 
management expert must have a post-graduate education; an actuarial, 
accounting, economics, financial, or legal background; and at least 
five years experience in identifying, assessing, and managing risk 
exposures. The expert's experience must also be commensurate with the 
size of the corporate and the complexity of its operations. The board 
must hire this individual from outside the corporate.
    Most of the commenters who commented generally on enterprise risk 
assessments thought they were valuable and could be effective tools for 
management. Many of these commenters agreed with the proposed rule but 
thought it should be refined.
    Several other commenters specifically opposed any regulatory ERM 
requirement. Many of these commenters thought the ERM proposals were 
redundant with other committees (ALCO, supervisory, and audit) and 
unnecessary in light of these committees, regular NCUA and state 
examinations, and the new NCUA corporate regulations. Some of these 
commenters thought that the ERM functions were not sufficiently 
distinguished from the functions of the board, ALCO, supervisory 
committee, or audit committee, and that the ERM committee might impinge 
on the turf of these committees and the board, all without providing 
material new information or new benefit. These commenters, however, did 
not say specifically how the ERM might cause this confusion. A few 
commenters thought that NCUA should consider addressing ERM as guidance 
or best practices. A few commenters grouped the proposed rule's ERM and 
audit reporting requirements together and generally opposed both as 
expensive and unnecessary.
    The Board disagrees with these comments. As general matter, 
organizations may be practicing good risk management on an exposure-by-
exposure basis, but they may not be paying close enough attention to 
the aggregation of exposures across the entire organization. An 
organization must measure and understand all the individual risks 
associated with its various business components, and also understand 
how they interact dynamically. A successful ERM process can help to 
meet many of those challenges. As one commenter stated, 
``[i]ncreasingly, [ERM] is being utilized by credit unions, 
particularly larger ones, as an important mechanism to ensure the 
organization has the proper, overall [perspective] on all of its risks 
and its capacity to manage those risks. * * * [E]nterprise risk 
assessments * * * can be very effective tools [for] making sure the 
corporate has the ability to identify, manage, and correct material 
risks.''
    There is a misapprehension among some commenters that the ERM 
committee would be redundant of other committees, such as the 
supervisory (or audit) and ALCO or credit committees. The FCU Act, 
NCUA's regulations, and the standard federal corporate credit union 
bylaws provide for those committees and prescribe targeted areas of 
responsibility for each. The ERM committee's unique mission would be to 
review and report on management's identification and management of all 
of the corporate's significant and emerging enterprise risk. The ERM 
committee would act in an advisory capacity to the board of directors 
to ensure that the board obtains focused, comprehensive information on 
enterprise risk, and not just on the individual, specific risks 
addressed by the ALCO, credit, and supervisory committees. The ERM 
committee would address all of an enterprise's risks--including 
financial, operational, strategic, compliance, and reputational risks--
under one umbrella. The ERM committee would also conduct its analysis 
and present its views independent of the earnings pressure faced by the 
operational side of the corporate. The pressure to achieve certain 
earnings goals can, in some instances, cause the operators to overlook 
or downplay the risks associated with their endeavors.
    The ERM committee has no power to require action by the corporate 
or any part of the corporate, and thus does not overlap with 
management's turf or the turf of any other committee. To clarify that 
the committee is only advisory, and has no prescriptive powers or 
authorities, the final rule replaces the word ``oversight'' with the 
word ``review'' as it applies to the ERM committee's activities.
    One commenter stated that, if the rule was adopted, it ought to 
specify a charter for the ERM committee and the scope of its duties and 
delegated responsibilities. The Board believes that the board of 
directors of the corporate has the responsibility to specify the duties 
of the ERM committee consistent with the requirements of this rule. 
Accordingly, a specific charter is not

[[Page 23865]]

necessary. Another commenter stated that annual ERM reporting is 
insufficient, and that it should be done at least quarterly. The Board 
agrees and has modified the regulation accordingly.
    Some commenters addressed the ERM expert. One commenter thought 
that a single expert was insufficient, and that multiple experts with 
different expertise were necessary. Another commenter thought a ``part-
time'' consultant was not a good idea, and that the rule should 
encourage the use of ``in-house full-time risk management experts.'' A 
few commenters asked for clarification of the independence concept, and 
two commenters did not see how the ERM expert could remain independent 
from the corporate once the expert was compensated by the corporate.
    In response to these comments, the NCUA Board notes that the 
proposal required that the ERM committee include ``at least'' one 
independent risk management expert. Each corporate has the authority to 
determine whether additional experts are necessary or desirable. The 
Board also believes that each corporate should be permitted to decide 
whether to employ the expert on a full- or part-time basis as part of 
the ERM committee or to engage the expert as a consultant, either part- 
or full-time, and has clarified this in the rule text.
    As for the independence requirement, the Board's intent was to 
ensure the ERM expert is not influenced by the operational side of the 
corporate credit union. For clarity, the final rule provides that an 
ERM expert is independent if neither the expert, nor any immediate 
family member of the expert, is supervised by, or has any other 
material business or professional relationship with, the chief 
executive officer or anyone supervised, directly or indirectly, by the 
CEO. This is similar to the independence standard applicable to the 
members of the supervisory committee as provided under Sec.  704.15(d). 
Also, the Board notes that the fact that the expert is compensated by 
the corporate does not undermine the independence of the expert any 
more than compensating the independent public accountant undermines the 
IPA's independence.
    The Board is delaying the effective date of this ERM section for 24 
months to give corporates time to put together an ERM policy, assemble 
an ERM committee, and locate and hire a qualified ERM expert. The final 
rule also renumbers this ERM section as Sec.  704.21, instead of Sec.  
704.22 as proposed.
    Except as discussed above, the Board adopts the final ERM section 
as proposed.

Section 704.22 Membership Fees

    The proposal included a new section on membership fees permitting a 
corporate the option to charge its members a one-time or periodic 
membership fee as a mandatory requirement of membership. The purpose of 
the proposal was to give corporates another tool to build retained 
earnings.
    The proposal required the fee be uniform and proportional to the 
member's asset size. The corporate could reduce the fee for members 
that have contributed capital to the corporate, but any reduction would 
have to be proportional to the amount of the member's non-depleted 
contributed capital. The corporate would have to give members at least 
six months advance notice of any initial or new fees, or any material 
change to a recurring fee. A corporate could terminate the membership 
of any credit union that fails to pay the fee fully within 60 days of 
invoicing.
    Of the commenters who commented on this provision, slightly over 
half supported it, with the rest opposed to it. Several corporate 
credit unions commented on the proposal with most supporting it. Many 
commenters that supported the proposal recommended some changes to it, 
as discussed below.
    Some supportive commenters stated corporates should be allowed to 
determine the amount of the fee without the limits imposed in the 
proposed rule and in accordance with a formulation set by the 
corporate. Some of these commenters felt that adequate disclosure to 
the members should be the only requirement. The Board does not agree 
with these comments. The rule provides corporates the option of 
charging reasonable membership fees as a way to build retained 
earnings. The requirement that fees be calculated uniformly for all 
members and as a percentage of each member's assets is a safeguard 
against the imposition of arbitrary and unreasonable fees and ensures 
fair treatment of all members, including smaller natural person credit 
unions. Furthermore, this fee provision does give corporates the 
flexibility to reduce fees for those members that are contributing more 
capital to the corporate. One commenter also recommended that the rule 
require any membership fees be approved by at least a majority vote of 
the corporate's members. Again, the Board disagrees. Allowing members 
to vote on whether the corporate may charge such fees would undermine 
the corporate's flexibility in employing fees as a tool to attain 
required retained earnings targets. Also, the rule provides for 
adequate notice to members about upcoming fees so that the members can 
oppose the fee or obtain their services elsewhere.
    Some commenters stated that the required six-month notice provision 
for any new fees is too long, and should be shortened to something like 
45 or 60 days. These commenters believe that this would permit 
corporates to more accurately estimate the need for and results from 
assessing the fee. Another commenter opined that six months notice is 
adequate for routine fees, but that for more significant fee charges 
the proposal does not allow time for forward planning by credit union 
members.
    The Board disagrees with these commenters. The Board believes that 
the required minimum six-month advance notice is reasonable for 
planning by both corporates and members. A notice period shorter than 
six months would not give members adequate time to look for alternative 
service providers should they find the fees too onerous. The commenter 
who said that six months notice is adequate for routine fees, but 
wanted a longer advance notice period for more significant charges did 
not define ``routine fees'' or ``more significant charges.'' The 
proposed rule sets only a minimum notice period; it does not keep a 
corporate from providing additional advance notice for particular fees.
    Those commenters who opposed permitting membership fees provided 
various reasons for their opposition. Some of these commenters felt 
such fees would put additional, unwarranted financial strain on NPCUs 
already required to contribute capital to corporates and make payments 
to the Temporary Corporate Credit Union Stabilization Fund. Many of 
these commenters thought the fee option would give corporates too much 
power over their NPCU members. The Board believes that the fee rule 
provides an acceptable balance between the corporates' need for 
retained earnings and capital and the members' need for services.
    Some commenters expressed concern about allowing a corporate to 
``expel'' a member for not paying membership fees. One commenter felt 
the proposal appears to circumvent the expulsion process established in 
the FCU Act and that the process of expulsion should be defined with 
regard to capital and contract requirements. Several commenters stated 
that the proposal does not address whether an NPCU whose membership is 
terminated for

[[Page 23866]]

failure to pay the fee will get its perpetual contributed capital back.
    The Board believes that some of these commenters are 
mischaracterizing the membership termination provision as an 
``expulsion'' from membership. A corporate has the right to terminate 
membership of any member that does not comply with the minimum 
conditions of membership, such as maintaining the minimum share balance 
required under the bylaws. Such termination is not an expulsion. 
Likewise, failure to pay a legally imposed membership fee in a timely 
fashion under this new section subjects the member to potential 
membership termination. In addition, provisions for the return of 
membership capital are addressed elsewhere in part 704.
    The Board notes that the membership fees section numbering in the 
proposed (i.e., Sec.  704.23) is changed to Sec.  704.22 in the final 
rule. Also, paragraph (d) of the proposed Sec.  704.23 stated that the 
corporate credit union may terminate the membership of any credit union 
that fails to pay the fee in full on a timely basis. The reference to 
credit union should have been to member since corporates may have 
certain entities in their fields of membership that are not credit 
unions, and the final rule corrects this reference.
    Except as discussed above, the Board adopts this membership fee 
provision as proposed.

IV. Regulatory Procedures

Regulatory Flexibility Act

    The Regulatory Flexibility Act requires NCUA to prepare an analysis 
to describe any significant economic impact any regulation may have on 
a substantial number of small entities (those under $10 million in 
assets). This final regulation applies only to corporate credit unions, 
all of which have assets well in excess of $10 million. Accordingly, 
the NCUA Board certifies that this final rule will not have a 
significant economic impact on a substantial number of small credit 
unions and, therefore, a regulatory flexibility analysis is not 
required.

Paperwork Reduction Act

    The Paperwork Reduction Act of 1995 (PRA) applies to rulemakings in 
which an agency by rule creates a new paperwork burden on regulated 
entities or modifies an existing burden. 44 U.S.C. 3507(d). For 
purposes of the PRA, a paperwork burden may take the form of a 
reporting, recordkeeping, or disclosure requirement, each referred to 
as an information collection. NCUA identified and described several 
information collection requirements in the proposed rule. As required 
by the PRA, NCUA submitted a copy of the proposed rule to the Office of 
Management and Budget (OMB) for its review and approval. Persons 
interested in submitting comments with respect to the information 
collection aspects of the proposed rule were invited to submit them to 
OMB (with a copy to NCUA) at the addresses noted in the preamble to the 
proposed rule.
    For several reasons, NCUA has modified the final estimated burden 
associated with the final rule. At the time the proposed rule was 
issued, there were 27 corporate credit unions, and there are now only 
26 corporates. This reduction affects the burden estimates for some 
aspects of the information collection requirements, as discussed below. 
In addition, and as discussed more fully in the preamble to this final 
rule, the Board has determined to make several changes in the final 
rule, and some of those changes affect the burden estimates for some 
aspects of the information collection requirements. These changes are 
also discussed below. Finally, NCUA received one comment specifically 
addressed to the agency's estimates of paperwork burden as set out in 
the preamble to the proposed rule concerning proposed Sec.  704.15, 
Audit and reporting requirements. This comment is discussed below in 
the section addressing the burden represented by Sec.  704.15(a)(2).
    The specific provisions of the final rule with hour-burden 
estimates different from the proposal follow.
Section 704.13(c)(8)--Recorded Director Votes
    As proposed, this section required all 27 corporates to conduct all 
board of director votes by recorded vote and to record those votes in 
the minutes of the directors' meetings. In the proposed rule, NCUA 
estimated that compliance with the requirement should take 
approximately 1 hour and that each corporate would hold 12 meetings per 
year. 27 corporates x 12 meetings = 324 meetings per year. 324 meetings 
x 1 hours = 324 hours.
    There are now 26 corporates, so the estimated burden is reduced. 26 
corporates x 12 meetings = 312 meetings per year. 312 meetings x 1 hour 
= 312 hours. Accordingly, this change has the effect of decreasing the 
estimated burden by 12 hours.
Section 704.21--Equitable Distribution of Corporate Credit Union 
Stabilization Fund Expenses
    The Board has determined not to adopt this proposal in the final 
rule. This eliminates the associated information collection 
requirements, which consisted of (i) an aggregate estimated 540 hours 
for the preparation of a list of non-FICU members of each corporate and 
providing the list to NCUA and (ii) an aggregate estimated 675 hours 
for conducting a special meeting of a corporate's members to expel a 
member and notifying NCUA of the result of the vote. Accordingly, the 
elimination of this section has the effect of decreasing the estimated 
aggregate burden by 1,215 hours.
Section 704.15(a)(2)--Management Report
    NCUA received one comment letter opposed to nearly every aspect of 
the audit and reporting requirements under proposed Sec.  704.15. One 
of the comments concerned NCUA's paperwork burden estimates. The 
commenter stated that the management report requirements in proposed 
Sec.  704.15(a)(2) will substantially increase the cost of compliance, 
``far beyond what the NCUA reports in the Summary of Collection Burden 
of the regulation.'' The commenter, however, failed to provide any 
specific information on what the increased burden hours or costs would 
be.
    There are two information collections in proposed Sec.  
704.15(a)(2), as described below:
    (1) As proposed, paragraphs (a)(2)(i) and (ii) of Sec.  704.15 
require all corporates to prepare an annual management report that 
contains a statement of management's responsibilities for performing 
certain duties in the corporate. The report must also contain an 
assessment of the corporate's compliance with certain laws and 
regulations. NCUA estimated that it should take a corporate 
approximately 4 hours to prepare its management report. 27 corporates x 
4 hours = 108 hours.
    (2) As proposed, paragraph (a)(2)(iii) of Sec.  704.15 required 
each corporate credit union with assets of $1 billion or more to 
include in its management report an assessment by management of the 
effectiveness of the corporate credit union's internal control 
structure and procedures for financial reporting. There were 16 
corporates with at least $1 billion in assets at the time the proposed 
rule was issued. NCUA estimated that it should take a corporate 
approximately 8 hours to prepare its assessment. 16 corporates x 8 
hours = 128 hours.
    After considering the comment and based on additional information, 
the following factors affect the estimated burden hours associated with 
Sec.  704.15(a)(2):

[[Page 23867]]

     The number of corporates has dropped from 27 to 26;
     The final rule applies the assessment requirements of 
Sec.  704.15(a)(2)(iii) to all corporates, regardless of asset size; 
and
     NCUA estimates that the burden hours per corporate will be 
25% greater than the burden estimated in the proposal.
    Accordingly, NCUA estimates that it should take a corporate about 5 
hours to prepare its management report under paragraphs (a)(2)(i) and 
(ii) of Sec.  704.15. 26 corporates x 5 hours = 130 hours.
    NCUA estimates that it should take a corporate about 10 hours to 
prepare its assessment under paragraph (a)(2)(iii) of Sec.  704.15. 26 
corporates x 10 hours = 260 hours.
    With the revisions described above, NCUA now estimates the total 
information collection burden represented by the final rule, calculated 
on an annual basis, as follows:
     Recorded director votes: 26 corporates x 12 meetings x 1 
hour = 312 hours.
     Disclosure of dual employee compensation from corporate 
CUSOs: 5 CUSOs x 1 hour = 5 hours.
     Management report: 26 corporates x 5 hours = 130 hours.
     Assessment: 26 corporates x 10 hours = 260 hours.
     Notice of engagement or change of accountants: 5 
corporates x 2 hours = 10 hours.
     Notification of late filing: 5 corporates x 1 hour = 5 
hours.
    Total Burden Hours: 722 hours.
    NCUA has submitted these burden revisions to OMB. NCUA expects that 
OMB will review and approve the revisions, and approve NCUA's 
submission, in the near future.

Executive Order 13132

    Executive Order 13132 encourages independent regulatory agencies to 
consider the impact of their actions on state and local interests. In 
adherence to fundamental federalism principles, NCUA, an independent 
regulatory agency as defined in 44 U.S.C. 3502(5), voluntarily complies 
with the executive order.
    The final rule will not have substantial direct effects on the 
states, on the connection between the national government and the 
states, or on the distribution of power and responsibilities among the 
various levels of government. NCUA has determined that this final rule 
does not constitute a policy that has federalism implications for 
purposes of the executive order.

The Treasury and General Government Appropriations Act, 1999--
Assessment of Federal Regulations and Policies on Families

    The NCUA has determined that this final rule will not affect family 
well-being within the meaning of section 654 of the Treasury and 
General Government Appropriations Act, 1999, Public Law 105-277, 112 
Stat. 2681 (1998).

Small Business Regulatory Enforcement Fairness Act

    The Small Business Regulatory Enforcement Fairness Act of 1996 
(Pub. L. 104-121) provides generally for congressional review of agency 
rules. A reporting requirement is triggered in instances where NCUA 
issues a final rule as defined by section 551 of the Administrative 
Procedure Act. 5 U.S.C. 551. The Office of Management and Budget has 
determined that this rule is not a major rule for purposes of the Small 
Business Regulatory Enforcement Fairness Act of 1996.

List of Subjects in 12 CFR Part 704

    Credit unions, Corporate credit unions, Reporting and recordkeeping 
requirements.

    By the National Credit Union Administration Board on April 21, 
2011.
Mary F. Rupp,
Secretary of the Board.
    For the reasons stated in the preamble, the National Credit Union 
Administration amends 12 CFR part 704 as set forth below:

PART 704--CORPORATE CREDIT UNIONS

0
1. The authority citation for part 704 continues to read as follows:

    Authority:  12 U.S.C. 1762, 1766(a), 1772a, 1781, 1789, and 
1795e.

0
2. Effective January 1, 2012, add definitions of Critical accounting 
policies, Enterprise risk management, Examination of internal control, 
Financial statements, Financial statement audit, Generally accepted 
auditing standards, Independent public accountant, Internal control, 
Internal control framework, Internal control over financial reporting, 
and Supervisory committee to Sec.  704.2 as follows:


Sec.  704.2  Definitions.

* * * * *
    Critical accounting policies means those policies that are most 
important to the portrayal of a corporate credit union's financial 
condition and results and that require management's most difficult, 
subjective, or complex judgments, often as a result of the need to make 
estimates about the effect of matters that are inherently uncertain.
* * * * *
    Enterprise risk management means the process of addressing risk on 
an entity-wide basis. The purpose of this process is not to eliminate 
risk but, rather, to provide the knowledge the board of directors and 
management need to effectively measure, monitor, and control risk and 
to then plan appropriate strategies to achieve the entity's business 
objectives with a reasonable amount of risk taking.
* * * * *
    Examination of internal control means an engagement of an 
independent public accountant to report directly on internal control or 
on management's assertions about internal control. An examination of 
internal control over financial reporting includes controls over the 
preparation of financial statements in accordance with accounting 
principles generally accepted in the United States of America (GAAP) 
and NCUA regulatory reporting requirements.
* * * * *
    Financial statements means the presentation of a corporate credit 
union's financial data, including accompanying notes, derived from 
accounting records of the credit union, and intended to disclose the 
credit union's economic resources or obligations at a point in time, or 
the changes therein for a period of time, in conformity with GAAP. Each 
of the following is considered to be a financial statement: a balance 
sheet or statement of financial condition; statement of income or 
statement of operations; statement of undivided earnings; statement of 
cash flows; statement of changes in members' equity; statement of 
revenue and expenses; and statement of cash receipts and disbursements.
    Financial statement audit means an audit of the financial 
statements of a corporate credit union performed in accordance with 
generally accepted auditing standards by an independent person who is 
licensed by the appropriate State or jurisdiction. The objective of a 
financial statement audit is to express an opinion as to whether those 
financial statements of the credit union present fairly, in all 
material respects, the financial position and the results of its 
operations and its cash flows in conformity with GAAP.
* * * * *
    Generally accepted auditing standards (GAAS) means the standards 
approved and adopted by the American Institute of Certified Public 
Accountants

[[Page 23868]]

which apply when an independent, licensed certified public accountant 
audits private company financial statements in the United States of 
America. Auditing standards differ from auditing procedures in that 
procedures address acts to be performed, whereas standards measure the 
quality of the performance of those acts and the objectives to be 
achieved by use of the procedures undertaken. In addition, auditing 
standards address the auditor's professional qualifications as well as 
the judgment exercised in performing the audit and in preparing the 
report of the audit.
* * * * *
    Independent public accountant (IPA) means a person who is licensed 
by, or otherwise authorized by, the appropriate State or jurisdiction 
to practice public accounting. An IPA must be able to exercise fairness 
toward credit union officials, members, creditors and others who may 
rely upon the report of a supervisory committee audit and to 
demonstrate the impartiality necessary to produce dependable findings. 
As used in this part, IPA is synonymous with the terms ``auditor'' and 
``accountant.'' The term IPA does not include a licensed person working 
in his or her capacity as an employee of an unlicensed entity and 
issuing an audit opinion in the unlicensed entity's name, e.g., a 
licensed league auditor or licensed retired examiner working for a non-
licensed entity.
* * * * *
    Internal control means the process, established by the corporate 
credit union's board of directors, officers and employees, designed to 
provide reasonable assurance of reliable financial reporting and 
safeguarding of assets against unauthorized acquisition, use, or 
disposition. A credit union's internal control structure generally 
consists of five components: Control environment; risk assessment; 
control activities; information and communication; and monitoring. 
Reliable financial reporting refers to preparation of Call Reports that 
meet management's financial reporting objectives. Internal control over 
safeguarding of assets against unauthorized acquisition, use, or 
disposition refers to prevention or timely detection of transactions 
involving such unauthorized access, use, or disposition of assets which 
could result in a loss that is material to the financial statements.
    Internal control framework means criteria such as that established 
in Internal Control--Integrated Framework, issued by the Committee of 
Sponsoring Organizations of the Treadway Commission (COSO), or 
comparable, reasonable, and U.S.-recognized criteria.
    Internal control over financial reporting means a process effected 
by those charged with governance, management, and other personnel, 
designed to provide reasonable assurance regarding the preparation of 
reliable financial statements in accordance with accounting principles 
generally accepted in the United States of America. A corporate credit 
union's internal control over financial reporting includes those 
policies and procedures that:
    (1) Pertain to the maintenance of records that, in reasonable 
detail, accurately and fairly reflect the transactions and dispositions 
of the assets of the entity;
    (2) Provide reasonable assurance that transactions are recorded as 
necessary to permit preparation of financial statements in accordance 
with accounting principles generally accepted in the United States of 
America, and that receipts and expenditures of the entity are being 
made only in accordance with authorizations of management and those 
charged with governance; and
    (3) Provide reasonable assurance regarding prevention, or timely 
detection and correction, of unauthorized acquisition, use, or 
disposition of the entity's assets that could have a material effect on 
the financial statements.
* * * * *
    Supervisory committee means, for federally chartered corporate 
credit unions, the supervisory committee as defined in Section 111(b) 
of the Federal Credit Union Act, 12 U.S.C. 1761(b). For state chartered 
corporate credit unions, the term supervisory committee refers to the 
audit committee, or similar committee, designated by state statute or 
regulation.
* * * * *

0
3. Revise paragraphs (g)(5) and (g)(6), and add a new paragraph (g)(7), 
to Sec.  704.11 to read as follows:


Sec.  704.11.  Corporate Credit Union Service Organizations (Corporate 
CUSOs).

* * * * *
    (g) * * *
    (5) Will allow the auditor, board of directors, and NCUA complete 
access to the CUSO's personnel, facilities, equipment, books, records, 
and any other documentation that the auditor, directors, or NCUA deem 
pertinent;
    (6) Will inform the corporate, at least quarterly, of all the 
compensation paid by the CUSO to its employees who are also employees 
of the corporate credit union; and
    (7) Will comply with all the requirements of this section.
* * * * *

0
4. Revise paragraphs (c)(6) and (c)(7), and add a new paragraph (c)(8), 
in Sec.  704.13 to read as follows:


Sec.  704.13  Board responsibilities.

* * * * *
    (c) * * *
    (6) Financial performance is evaluated to ensure that the 
objectives of the corporate credit union and the responsibilities of 
management are met;
    (7) Planning addresses the retention of external consultants, as 
appropriate, to review the adequacy of technical, human, and financial 
resources dedicated to support major risk areas; and
    (8) For each item before the board, the meeting minutes list the 
names of directors and their votes, as well as the names of any 
directors who did not vote, except that if the minutes include a 
complete list of directors attending the meeting, the vote tally need 
only list the names of directors who voted against the item or who 
abstained.

0
5. Effective January 1, 2012, revise Sec.  704.15 to read as follows:


Sec.  704.15  Audit and reporting requirements.

    (a) Annual reporting requirements--(1) Audited financial 
statements. A corporate credit union must prepare annual financial 
statements in accordance with generally accepted accounting principles 
(GAAP), which must be audited by an independent public accountant in 
accordance with generally accepted auditing standards. The annual 
financial statements and regulatory reports must reflect all material 
correcting adjustments necessary to conform with GAAP that were 
identified by the corporate credit union's independent public 
accountant.
    (2) Management report. Each corporate credit union must prepare, as 
of the end of the previous calendar year, an annual management report 
that contains the following:
    (i) A statement of management's responsibilities for preparing the 
corporate credit union's annual financial statements, for establishing 
and maintaining an adequate internal control structure and procedures 
for financial reporting, and for complying with laws and regulations 
relating to safety and soundness in the following areas: affiliate 
transactions, legal lending limits, loans to insiders, restrictions on 
capital and share

[[Page 23869]]

dividends, and regulatory reporting that meets full and fair 
disclosure;
    (ii) An assessment by management of the corporate credit union's 
compliance with such laws and regulations during the past calendar 
year. The assessment must state management's conclusion as to whether 
the corporate credit union has complied with the designated safety and 
soundness laws and regulations during the calendar year and disclose 
any noncompliance with the laws and regulations; and
    (iii) Beginning on and after January 1, 2013, an assessment by 
management of the effectiveness of the corporate credit union's 
internal control structure and procedures as of the end of the past 
calendar year that must include the following:
    (A) A statement identifying the internal control framework used by 
management to evaluate the effectiveness of the corporate credit 
union's internal control over financial reporting;
    (B) A statement that the assessment included controls over the 
preparation of regulatory financial statements in accordance with 
regulatory reporting instructions including identification of such 
regulatory reporting instructions; and
    (C) A statement expressing management's conclusion as to whether 
the corporate credit union's internal control over financial reporting 
is effective as of the end of the previous calendar year. Management 
must disclose all material weaknesses in internal control over 
financial reporting, if any, that it has identified that have not been 
remediated prior to the calendar year-end. Management may not conclude 
that the corporate credit union's internal control over financial 
reporting is effective if there are one or more material weaknesses.
    (3) Management report signatures. The chief executive officer and 
either the chief accounting officer or chief financial officer of the 
corporate credit union must sign the management report.
    (b) Independent public accountant--(1) Annual audit of financial 
statements. Each corporate credit union must engage an independent 
public accountant to audit and report on its annual financial 
statements in accordance with generally accepted auditing standards. 
The scope of the audit engagement must be sufficient to permit such 
accountant to determine and report whether the financial statements are 
presented fairly and in accordance with GAAP. A corporate credit union 
must provide its independent public accountant with a copy of its most 
recent Call Report and NCUA examination report. It must also provide 
its independent public accountant with copies of any notice that its 
capital category is being changed or reclassified and any 
correspondence from NCUA regarding compliance with this section.
    (2) Internal control over financial reporting. Beginning on and 
after January 1, 2014, the independent public accountant who audits the 
corporate credit union's financial statements must examine, attest to, 
and report separately on the assertion of management concerning the 
effectiveness of the corporate credit union's internal control 
structure and procedures for financial reporting. The attestation and 
report must be made in accordance with generally accepted standards for 
attestation engagements. The accountant's report must not be dated 
prior to the date of the management report and management's assessment 
of the effectiveness of internal control over financial reporting. 
Notwithstanding the requirements set forth in applicable professional 
standards, the accountant's report must include the following:
    (i) A statement identifying the internal control framework used by 
the independent public accountant, which must be the same as the 
internal control framework used by management, to evaluate the 
effectiveness of the corporate credit union's internal control over 
financial reporting;
    (ii) A statement that the independent public accountant's 
evaluation included controls over the preparation of regulatory 
financial statements in accordance with regulatory reporting 
instructions including identification of such regulatory reporting 
instructions; and
    (iii) A statement expressing the independent public accountant's 
conclusion as to whether the corporate credit union's internal control 
over financial reporting is effective as of the end of the previous 
calendar year. The report must disclose all material weaknesses in 
internal control over financial reporting that the independent public 
accountant has identified that have not been remediated prior to the 
calendar year-end. The independent public accountant may not conclude 
that the corporate credit union's internal control over financial 
reporting is effective if there are one or more material weaknesses.
    (3) Notice by accountant of termination of services. An independent 
public accountant performing an audit under this part who ceases to be 
the accountant for a corporate credit union must notify NCUA in writing 
of such termination within 15 days after the occurrence of such event 
and set forth in reasonable detail the reasons for such termination.
    (4) Communications with supervisory committee. In addition to the 
requirements for communications with audit committees set forth in 
applicable professional standards, the independent public accountant 
must report the following on a timely basis to the supervisory 
committee:
    (i) All critical accounting policies and practices to be used by 
the corporate credit union;
    (ii) All alternative accounting treatments within GAAP for policies 
and practices related to material items that the independent public 
accountant has discussed with management, including the ramifications 
of the use of such alternative disclosures and treatments, and the 
treatment preferred by the independent public accountant; and
    (iii) Other written communications the independent public 
accountant has provided to management, such as a management letter or 
schedule of unadjusted differences.
    (5) Retention of working papers. The independent public accountant 
must retain the working papers related to the audit of the corporate 
credit union's financial statements and, if applicable, the evaluation 
of the corporate credit union's internal control over financial 
reporting for seven years from the report release date, unless a longer 
period of time is required by law.
    (6) Independence. The independent public accountant must comply 
with the independence standards and interpretations of the American 
Institute of Certified Public Accountants (AICPA).
    (7) Peer reviews and inspection reports. (i) Prior to commencing 
any services for a corporate credit union under this section, the 
independent public accountant must have received a peer review, or be 
enrolled in a peer review program, that meets acceptable guidelines. 
Acceptable peer reviews include peer reviews performed in accordance 
with the AICPA's Peer Review Standards and inspections conducted by the 
Public Company Accounting Oversight Board (PCAOB).
    (ii) Within 15 days of receiving notification that the AICPA has 
accepted a peer review or the PCAOB has issued an inspection report, or 
before commencing any audit under this section, whichever is earlier, 
the independent public accountant must file a copy of the most recent 
peer review report and the public portion of the most recent PCAOB 
inspection report, if any, accompanied by any

[[Page 23870]]

letters of comments, response, and acceptance, with NCUA if the report 
has not already been filed.
    (iii) Within 15 days of the PCAOB making public a previously 
nonpublic portion of an inspection report, the independent public 
accountant must file a copy of the previously nonpublic portion of the 
inspection report with NCUA.
    (c) Filing and notice requirements--(1) Annual Report. Each 
corporate credit union must, no later than 180 days after the end of 
the calendar year, file an Annual Report with NCUA consisting of the 
following documents:
    (i) The audited comparative annual financial statements;
    (ii) The independent public accountant's report on the audited 
financial statements;
    (iii) The management report; and
    (iv) The independent public accountant's attestation report on 
management's assessment concerning the corporate credit union's 
internal control structure and procedures for financial reporting.
    (2) Public availability. The annual report in paragraph (c)(1) of 
this section will be made available by NCUA for public inspection.
    (3) Independent public accountant's letters and reports. Each 
corporate credit union must file with NCUA a copy of any management 
letter or other report issued by its independent public accountant with 
respect to such corporate credit union and the services provided by 
such accountant pursuant to this part (except for the independent 
public accountant's reports that are included in the Annual Report) 
within 15 days after receipt by the corporate credit union. Such 
reports include, but are not limited to:
    (i) Any written communication regarding matters that are required 
to be communicated to the supervisory committee (for example, critical 
accounting policies, alternative accounting treatments discussed with 
management, and any schedule of unadjusted differences); and
    (ii) Any written communication of significant deficiencies and 
material weaknesses in internal control required by the AICPA's 
auditing standards.
    (4) Notice of engagement or change of accountants. Each corporate 
credit union that engages an independent public accountant, or that 
loses an independent public accountant through dismissal or 
resignation, must notify NCUA within 15 days after the engagement, 
dismissal, or resignation. The corporate credit union must include with 
the notice a reasonably detailed statement of the rea