Prudential Management and Operations Standards, 35791-35799 [2011-15100]

Agencies

• FEDERAL HOUSING FINANCE AGENCY

[Federal Register Volume 76, Number 118 (Monday, June 20, 2011)]
[Proposed Rules]
[Pages 35791-35799]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2011-15100]


-----------------------------------------------------------------------

FEDERAL HOUSING FINANCE AGENCY

12 CFR Part 1236

RIN 2590-AA13


Prudential Management and Operations Standards

AGENCY: Federal Housing Finance Agency.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: Section 1108 of the Housing and Economic Recovery Act of 2008 
(HERA) amended the Federal Housing Enterprises Financial Safety and 
Soundness Act of 1992 (Safety and Soundness Act) to require the Federal 
Housing Finance Agency (FHFA) to establish prudential standards 
relating to the management and operations of the Federal National 
Mortgage Association (Fannie Mae), Federal Home Loan Mortgage 
Corporation (Freddie Mac), and Federal Home Loan Banks (Banks) 
(collectively, regulated entities). FHFA is proposing to implement 
those HERA amendments by providing for the establishment of the 
prudential standards in the form of guidelines, which initially would 
be set out in an appendix to the rule. The proposal also would include 
other provisions relating to the possible consequences for a regulated 
entity that fails to operate in accordance with the prudential 
standards.

DATES: Written comments on the proposed rule must be received on or 
before August 19, 2011. For additional information, see SUPPLEMENTARY 
INFORMATION.

ADDRESSES: You may submit your comments on the proposed rule, 
identified by regulatory information number ``RIN 2590-AA13,'' by any 
of the following methods:
     E-mail: Comments to Alfred M. Pollard, General Counsel, 
may be sent by e-mail to RegComments@FHFA.gov. Please include ``RIN 
2590-AA13'' in the subject line of the message.
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments. If you submit your 
comment to the Federal eRulemaking Portal, please also send it by e-
mail to FHFA at RegComments@fhfa.gov to ensure timely receipt by the 
agency. Include the following information in the subject line of your 
submission: Comments/RIN 2590-AA13.
     U.S. Mail, United Parcel Post, Federal Express, or Other 
Mail Service: The mailing address for comments is: Alfred M. Pollard, 
General Counsel, Attention: Comments/RIN 2590-AA13, Federal Housing 
Finance Agency, Fourth Floor, 1700 G Street, NW., Washington, DC 20552.
     Hand Delivered/Courier: The hand delivery address is: 
Alfred M. Pollard, General Counsel; Attention: Comments/RIN 2590-AA13, 
Federal Housing Finance Agency, Fourth Floor, 1700 G Street, NW., 
Washington, DC 20552. The package should be logged at the Guard Desk, 
First Floor, on business days between 9 a.m. and 5 p.m.

FOR FURTHER INFORMATION CONTACT: Amy Bogdon, Associate Director, 
Division of Federal Home Loan Bank Regulation, Federal Housing Finance 
Agency, 1625 Eye Street, NW., Washington, DC 20006, 
amy.bogdon@fhfa.gov, (202) 408-2546; Carol Connelly, Principal 
Supervision Specialist, Division of Examination Programs and Support, 
carol.connelly@fhfa.gov, (202) 414-8910; or Neil R. Crowley, Deputy 
General Counsel, neil.crowley@fhfa.gov, (202) 343-1316, Federal Housing 
Finance Agency, 1700 G Street, NW., Washington, DC 20552 (not toll free 
numbers). The telephone number for the

[[Page 35792]]

Telecommunications Device for the Deaf is (800) 877-8339.

SUPPLEMENTARY INFORMATION:

I. Comments

    FHFA invites comments on all aspects of the proposed rule and will 
take all comments into consideration before issuing a final rule. 
Copies of all comments will be posted without change, including any 
personal information you provide, such as your name and address, on the 
FHFA Web site at https://www.fhfa.gov. In addition, copies of all 
comments will be available for examination by the public on business 
days between the hours of 10 a.m. and 3 p.m., at the Federal Housing 
Finance Agency, Fourth Floor, 1700 G Street, NW., Washington, DC 20552. 
To make an appointment to inspect comments, please call the Office of 
General Counsel at (202) 414-3751.

II. Background

    Effective July 30, 2008, HERA, Public Law No. 110-289, 122 Stat. 
2654 (2008), created FHFA as an independent agency of the Federal 
Government and transferred to it the supervisory and oversight 
responsibilities over the regulated entities formerly vested with the 
Office of Federal Housing Enterprise Oversight (OFHEO) and the Federal 
Housing Finance Board (FHFB). Section 1108 of HERA also added a new 
section 1313B to the Safety and Soundness Act, which requires the FHFA 
Director to establish standards that address 10 separate areas relating 
to the management and operation of the regulated entities, and 
authorizes the Director to establish the standards by regulation or by 
guideline. 12 U.S.C. 4513b. Those 10 areas relate to: Adequacy of 
internal controls and information systems; adequacy and independence of 
the internal audit systems; management of interest rate risk; 
management of market risk; adequacy of liquidity and reserves; 
management of growth in assets and in the investment portfolio; 
management of investments and acquisition of assets to ensure that they 
are consistent with the purposes of the Safety and Soundness Act and 
the regulated entities' authorizing statutes; \1\ adequacy of overall 
risk management processes; adequacy of credit and counterparty risk 
management practices; and maintenance of records that allow an accurate 
assessment of the institution's financial condition. 12 U.S.C. 
4513b(a)(1)-(10). Section 1313B(a) also specifically authorizes the 
Director to establish other appropriate management and operations 
standards. 12 U.S.C. 4513b(a)(11). The HERA amendments require that the 
prudential standards be established with respect to the regulated 
entities, which term does not include the Banks' Office of Finance 
(OF), although HERA would not necessarily preclude FHFA from extending 
the prudential standards (or comparable standards) to the OF. FHFA is 
not proposing to subject the OF to the prudential standards regime, in 
large part because several of the standards address matters that are 
not relevant to the OF, such as those relating to interest rate, market 
and credit risks, and investment portfolio growth. The same is true 
with respect to the statutory sanctions for noncompliance with the 
standards, which include limits on asset growth and increases in 
capital. FHFA welcomes any comments on this issue.
---------------------------------------------------------------------------

    \1\ The authorizing statute for Fannie Mae is the Federal 
National Mortgage Association Charter Act (12 U.S.C. 1716-1723i), 
for Freddie Mac, the Federal Home Loan Mortgage Corporation Act (12 
U.S.C. 1451-1459), and for the Banks, the Federal Home Loan Bank Act 
(12 U.S.C. 1421-1449) (Bank Act). 12 U.S.C. 4502(3).
---------------------------------------------------------------------------

    Section 1313B(b)(1) addresses the possible consequences for a 
regulated entity that fails to meet any of the prudential standards, 
and provides that the Director ``shall require'' the regulated entity 
to submit a corrective plan if the standards have been adopted by 
regulation and ``may require'' the regulated entity to submit a 
corrective plan if the standards have been adopted as guidelines. 12 
U.S.C. 4513b(b)(1)(A). If a regulated entity is required to submit a 
corrective plan to FHFA, it must do so within thirty (30) days after 
the Director determines that it has failed to meet any standard. That 
plan must specify the actions that the regulated entity will take to 
conform its practices to the requirements of the prudential standards. 
12 U.S.C. 4513b(b)(1). FHFA generally must act on such plans within 
thirty (30) days after receipt. 12 U.S.C. 4513b(b)(1)(C)(ii).
    Section 1313B(b)(2) also addresses the possible consequences for a 
regulated entity that fails to submit an acceptable plan within the 
required time period or that fails in any material respect to implement 
a corrective plan that the Director has approved. In those cases, the 
Director must order the regulated entity to correct the deficiency. 12 
U.S.C. 4513b(b)(2)(A). The Director also has the discretionary 
authority to order further sanctions, including limits on asset growth, 
increases in capital, or any other action the Director believes 
appropriate until the regulated entity comes into compliance with the 
prudential standard. 12 U.S.C. 4513b(b)(2)(B). Although the imposition 
of those additional sanctions generally is a matter of discretion for 
the Director, if a regulated entity that has failed to submit or 
implement a corrective plan also has experienced ``extraordinary 
growth'' within the preceding 18 months, the Director is then required 
to impose at least one of those additional sanctions. The concept of 
``extraordinary growth'' comes into play only in those narrow 
circumstances and thus is not a statutory factor when the Director is 
considering whether a regulated entity has failed to comply with a 
prudential standard, whether the Director should require the submission 
of a corrective plan, or whether the Director should impose 
discretionary sanctions. All of the remedial powers that the Director 
may invoke under the prudential standards provisions are not exclusive, 
and section 1313B(c) expressly preserves the Director's right to 
exercise any other supervisory or enforcement authority under the 
Safety and Soundness Act. 12 U.S.C. 4513b(c).
    Because Congress preserved all of the existing rules, regulations, 
orders, resolutions, and determinations of OFHEO and the FHFB,\2\ any 
such existing provisions that pertain to the prudential management and 
operations of the regulated entities remain in full force and effect 
until FHFA has modified, cancelled, or repealed them. Unless any of the 
existing provisions are incorporated into the guidelines, a regulated 
entity's failure to comply with the existing provisions will not 
trigger the remedial provisions of section 1313B of the Safety and 
Soundness Act, although it would allow FHFA to pursue other supervisory 
remedies. After this rule is adopted, FHFA anticipates undertaking a 
systematic review of existing regulatory requirements that may overlap 
with these standards. Commenters are invited to identify areas of 
potential overlap or conflict between existing requirements or guidance 
and the proposed standards.
---------------------------------------------------------------------------

    \2\ Sections 1302 and 1312 of HERA (codified at 12 U.S.C. 4511 
note) provide that all regulations, orders, determinations, and 
resolutions issued or prescribed by OFHEO and the FHFB remain in 
effect until modified, terminated, set aside, or superseded by FHFA.
---------------------------------------------------------------------------

III. Analysis of the Proposed Rule

Purpose and Definitions: Sec. Sec.  1236.1 and 1236.2

    Proposed Sec.  1236.1 explains that the purposes of the new part 
1236 are to establish the prudential management and operations 
standards regulated entities must meet and the consequences if a 
regulated entity fails to meet the standards or fails to comply with 
this part. Proposed Sec.  1236.2

[[Page 35793]]

defines certain key terms used in the prudential management and 
operations standards regulation. The only term unique to this part is 
``extraordinary growth,'' which is defined differently for the Banks, 
by excluding advances growth, because rapid growth in advances does not 
present the same supervisory concerns that may result from rapid growth 
of other assets and because such growth may be central to the purpose 
of the Federal Home Loan Bank System as was seen in 2007 and 2008. 
Thus, for the Banks the proposed rule would define ``extraordinary 
growth'' to mean, for a given calendar quarter, quarterly non-
annualized growth of non-advance assets in excess of 7.5 percent. With 
respect to the Enterprises, the proposed rule defines ``extraordinary 
growth'' to mean, for a given calendar quarter, quarterly non-
annualized growth of assets in excess of 7.5 percent. With respect to 
both the Banks and the Enterprises, the extraordinary growth must have 
occurred within the 18-month period preceding the date on which FHFA 
notifies the entity that it has failed to meet a prudential standard 
and must therefore submit a corrective plan.
    Defining ``extraordinary growth'' in this manner recognizes that 
the Banks' primary mission is providing secured credit to their members 
and that rapid growth in advances does not necessarily raise 
supervisory concerns. Advances differ from other assets in that they 
are self-capitalizing, i.e., a member must buy and hold a certain 
amount of Bank stock in order to obtain an advance, and are fully 
secured, principally by first mortgage loans or securities representing 
interest in such loans. The credit risk associated with advances is 
minimal, as shown by the fact that the Banks have never sustained a 
credit loss on an advance to their members. Moreover, the public 
mission of the Banks is to provide secured credit, as needed by their 
members for both housing finance and liquidity purposes. The 
significant growth in advances balances during the recent financial 
crisis demonstrated the extent to which the Banks provided financial 
support to the banking industry and the importance of allowing the 
Banks to expand and contract their advances portfolios in response to 
the needs of their members. In contrast, rapid growth of non-advance 
assets by a Bank may present supervisory concerns, and for that reason 
the proposed rule would use the same standard--7.5 percent growth over 
any calendar quarter--for non-advance growth for the Banks as it uses 
for growth in total assets for an Enterprise. The proposed definition 
provides a straightforward standard that should be easy for the 
regulated entities to understand and to calculate. Moreover, basing the 
definition on the concept of quarterly asset growth is consistent with 
that aspect of the definition of extraordinary growth used by the 
federal banking agencies for implementing their own prudential 
standards statute. See 12 CFR Sec.  30.4(d)(2). For purposes of 
calculating an increase in assets, FHFA proposes to exclude assets that 
a regulated entity acquires through merger or acquisition with another 
regulated entity that FHFA has approved.
    As noted above, the concept of ``extraordinary growth'' becomes 
relevant only if a regulated entity has either failed to submit an 
acceptable corrective plan or has failed to implement an approved plan. 
The presence of ``extraordinary growth'' by itself does not trigger any 
of the supervisory sanctions under the prudential standards statute or 
this proposed rule, although FHFA may invoke its other supervisory 
authorities if necessary to address asset growth that it believes poses 
other safety and soundness concerns.

Prudential Management and Operations Standards: Sec.  1236.3

    Proposed Sec.  1236.3 would implement section 1313B(a) of the 
Safety and Soundness Act (12 U.S.C. 4513b(a)), which requires the 
Director to establish prudential management and operations standards 
relating to the 10 categories described above. The HERA amendments 
authorize the Director to adopt the standards either as regulations or 
as guidelines, and the Director is proposing to adopt the standards as 
guidelines, which initially would be set forth in an Appendix to part 
1236. Section 1236.3(b) of the proposed rule further provides that, 
because the standards set forth in the Appendix would be adopted as 
guidelines, the Director may modify, revoke or add to them at any time 
by order, rather than through a notice and comment rulemaking. This 
approach will allow FHFA to timely update the standards to conform them 
to changes in best practices, as well as to address particular 
supervisory concerns. It also maintains the flexibility to seek public 
comment on changes to the guidance, as appropriate. Section 1236.3(c) 
of the proposal further provides that a failure to meet any standard 
also may constitute an unsafe and unsound practice for purposes of 12 
U.S.C. chapter 46, subchapter III, which would allow FHFA to initiate 
an administrative enforcement action, in addition to any sanctions that 
may be imposed under the prudential standards authorized by HERA.

Failure To Meet the Prudential Standards: Sec.  1236.4

    Proposed Sec.  1236.4 implements section 1313B(b) of the Safety and 
Soundness Act, which provides specific remedies that FHFA may use if a 
regulated entity fails to meet a prudential management and operations 
standard. 12 U.S.C. 4513b(b)(1). Proposed Sec.  1236.4(a) provides that 
FHFA has the discretion to determine if a regulated entity has failed 
to operate in accordance with one or more of the prudential management 
and operations standards set forth in the Appendix, and may base that 
determination on any information available to it, such as information 
obtained through the examination process or other supervisory 
processes. Proposed Sec.  1236.4(b) further provides that if FHFA makes 
such a determination, it may require the regulated entity to submit a 
corrective plan to address those deficiencies. Because the prudential 
standards would be established as guidelines, FHFA is not mandated to 
require the submission of a corrective plan, as would be the case if 
the standards were to be established as regulations.
    Proposed Sec.  1236.4(c) addresses the contents and filing 
requirements relating to a corrective plan. Each corrective plan must 
specify the actions that the regulated entity will take to correct the 
deficiencies and the time within which each action will be taken. The 
corrective plan is due not later than thirty (30) calendar days after 
FHFA has notified the regulated entity that it has failed to meet one 
or more of the prudential standards, unless FHFA sets a different time 
period. With the permission of FHFA, a regulated entity that must file, 
or currently is operating under, a capital restoration plan submitted 
pursuant to 12 U.S.C. 4622, a cease-and-desist order entered into 
pursuant to 12 U.S.C. 4631 or 4632, a formal or informal agreement, or 
a response to a report of examination or report of inspection, may 
submit the corrective plan as part of that other plan, order, agreement 
or response.
    Proposed Sec.  1236.4(d) allows a regulated entity that is 
operating under an approved corrective plan to submit a written request 
to FHFA to amend the existing plan to reflect any changes in 
circumstance. Until such time as FHFA approves a proposed amendment, 
the regulated entity must implement and abide by the previously 
approved corrective plan.

[[Page 35794]]

    Proposed Sec.  1236.4(e) addresses the period of time within which 
FHFA must act in response to the submission of a corrective plan. 
Generally speaking, within thirty (30) calendar days of its receipt of 
a corrective plan, FHFA must notify the regulated entity of its 
decision on the plan (i.e., approval or denial), or of its need for 
additional information, or of its decision to extend the review period 
beyond thirty (30) calendar days.
Failure To Submit or To Implement a Corrective Plan: Sec.  1236.5
    Proposed Sec.  1236.5(a) sets forth the actions FHFA may take if a 
regulated entity has failed to timely submit an acceptable corrective 
plan or has failed to implement or otherwise comply with an approved 
corrective plan in any material respect. At a minimum, the Director 
must order the regulated entity to correct that deficiency, as is 
required by statute. The proposal further lists the other actions that 
the Director, in his discretion, may take with respect to the 
deficiency. Those discretionary actions are consistent with those 
listed in section 1313B(b)(2)(B) of the Safety and Soundness Act and 
include limits on asset growth and requirements to increase capital, 
which are described in the statute, as well as limits on dividends and 
stock redemptions or repurchases, and/or a minimum level of retained 
earnings. 12 U.S.C. 4513b(b)(2)(B). The latter set of limits are not 
explicitly mentioned in the statute, but FHFA has included them in the 
regulation under its authority to require a regulated entity to take 
any other actions it deems necessary to carry out these provisions of 
the statute. In addition, Sec.  1236.5(b) provides that if a regulated 
entity that has failed to submit or implement a corrective plan also 
has experienced ``extraordinary growth'' the Director shall impose at 
least one of the sanctions listed above, which action also is required 
by statute.
    Under proposed Sec.  1236.5(c)(1), FHFA generally will notify a 
regulated entity that has failed to submit or implement a corrective 
plan of its intent to issue an order requiring the regulated entity to 
take corrective action. The notice will include: (1) A statement that 
the regulated entity has failed to submit a corrective plan under Sec.  
1236.4, or has not implemented or otherwise complied with an approved 
plan; (2) a description of any discretionary sanctions that FHFA 
proposes to impose and, if the regulated entity has experienced 
``extraordinary growth,'' a description of any mandatory restrictions 
that FHFA intends to impose under 12 U.S.C. 4513b(b)(3); and (3) the 
proposed date when any restriction or prohibition would become 
effective or the proposed date for completion of any required action. 
Under proposed Sec.  1236.5(c)(2), a regulated entity generally has 
fourteen (14) calendar days to respond to a notice unless otherwise 
specified by FHFA. The proposal identifies the minimum contents that a 
regulated entity's response should include, which are an explanation 
why the regulated entity believes that the action proposed by FHFA is 
not an appropriate exercise of discretion; recommend modifications, if 
any, to the proposed order; and any additional relevant information. 
FHFA will deem a failure to respond to constitute a waiver of the 
opportunity to respond and consent to issuance of the order.
    If the circumstances so require, proposed Sec.  1236.5(c)(4) 
provides that FHFA need not provide advance notice and may instead 
require a regulated entity immediately to take or refrain from taking 
actions to correct its failure to meet one or more of the prudential 
management and operations standards. Within fourteen (14) calendar days 
of the issuance of such an immediately effective order, unless 
otherwise specified by FHFA, a regulated entity may appeal the order in 
writing. FHFA will act on an appeal within sixty (60) days, during 
which time the order will remain in effect unless FHFA stays its 
effectiveness.
    Under proposed Sec.  1236.5(d), a regulated entity that is subject 
to an order may submit a written request to FHFA for an amendment to 
reflect a change in circumstances. Until such time as FHFA approves a 
proposed amendment, any such order would remain in effect.
    Proposed Sec.  1236.5(e) requires FHFA to act on a response to a 
notice or a request to amend a plan not later than thirty (30) days 
after a regulated entity submits the plan or amendment unless FHFA 
specifies a different time period in writing. After considering a 
regulated entity's response or amendment request, FHFA may: (1) Issue 
the order as proposed or in modified form; (2) determine not to issue 
the order and instead issue a different order; or (3) seek additional 
information or clarification of the response from the regulated entity, 
or any other relevant source.
    When promulgating regulations that relate to the Banks under 
section 1313(f) of the Safety and Soundness Act (as amended by section 
1201 of HERA), the Director must consider the differences between the 
Banks and the Enterprises with respect to the Banks' cooperative 
ownership structure; mission of providing liquidity to members; 
affordable housing and community development mission; capital 
structure; and joint and several liability. The Director also may 
consider any other differences deemed appropriate. 12 U.S.C. 4513(f). 
In preparing the proposed rule, the Director considered the differences 
between the Banks and the Enterprises as they relate to the above 
factors. The Director is requesting comments from the public about 
whether differences related to these factors should result in a 
revision of the proposed rule or the standards as they relate to the 
Banks.

IV. Paperwork Reduction Act

    The proposed regulation does not contain any information collection 
requirement that requires the approval of the Office of Management and 
Budget under the Paperwork Reduction Act (44 U.S.C. 3501 et seq.).

V. Regulatory Flexibility Act

    The Regulatory Flexibility Act (5 U.S.C. 601 et seq.) requires an 
agency to analyze a proposed regulation's impact on small entities if 
the final rule is expected to have a significant economic impact on a 
substantial number of small entities. 5 U.S.C. 605(b). FHFA has 
considered the impact of this regulation and determined that it is not 
likely to have a significant economic impact on a substantial number of 
small entities because it applies only to the Regulated Entities, which 
are not small entities for purposes of the Regulatory Flexibility Act.

List of Subjects in 12 CFR Part 1236

    Administrative practice and procedure, Federal home loan banks, 
Government-sponsored enterprises, Reporting and recordkeeping 
requirements.

    For the reasons stated in the preamble, FHFA proposes to amend 
chapter XII of title 12 of the Code of Federal Regulations by adding 
part 1236 to subchapter B to read as follows:

PART 1236--PRUDENTIAL MANAGEMENT AND OPERATIONS STANDARDS

Sec.
1236.1 Purpose.
1236.2 Definitions.
1236.3 Prudential standards as guidelines.
1236.4 Failure to meet a standard; Corrective plans.
1236.5 Failure to submit a corrective plan; Noncompliance.
Appendix to Part 1236--Prudential Management and Operations 
Standards

    Authority:  12 U.S.C. 4511, 4513(a) and (f), 4513b, and 4526.

[[Page 35795]]

Sec.  1236.1  Purpose.

    This part establishes the prudential management and operations 
standards that are required by 12 U.S.C. 4513b, and specifies the 
possible consequences for any regulated entity that fails to operate in 
accordance with the standards or otherwise fails to comply with this 
part.


Sec.  1236.2  Definitions.

    Unless otherwise indicated, terms used in this part have the 
meanings that they have in the Federal Housing Enterprises Financial 
Safety and Soundness Act, 12 U.S.C. 4501 et seq., or the Federal Home 
Loan Bank Act, 12 U.S.C. 1421 et seq.
    Extraordinary growth, for purposes of 12 U.S.C. 4513b(b)(3)(C), 
means, with respect to the Banks, for a given calendar quarter, 
quarterly non-annualized growth of non-advance assets in excess of 7.5 
percent, and with respect to the Enterprises, for a given calendar 
quarter, quarterly non-annualized growth of assets in excess of 7.5 
percent, in both cases with such growth occurring within the 18-month 
period preceding the issuance of a written notice requiring the entity 
to submit a corrective plan. For purposes of calculating an increase in 
assets, assets acquired through merger or acquisition approved by FHFA 
are not to be included.
    FHFA means the Federal Housing Finance Agency.
    Standard means any one or more of the prudential management and 
operations standards set out in the Appendix to this part, as modified 
from time to time pursuant to Sec.  1236.3(b).


Sec.  1236.3  Prudential standards as guidelines.

    (a) The Standards constitute the prudential management and 
operations standards required by 12 U.S.C. 4513b.
    (b) The Standards are adopted as guidelines, as authorized by 12 
U.S.C. 4513b(a), and the Director may modify, revoke or add to the 
Standards, or any one or more of them, at any time by order.
    (c) Failure to meet any Standard may constitute an unsafe and 
unsound practice for purposes of the enforcement provisions of 12 
U.S.C. chapter 46, subchapter III.


Sec.  1236.4  Failure to meet a standard; Corrective plans.

    (a) Determination. FHFA may, based upon an examination, inspection 
or any other information, determine that a regulated entity has failed 
to meet one or more of the Standards.
    (b) Submission of corrective plan. If a regulated entity has failed 
to meet any Standard, FHFA may, by written notice, require the 
regulated entity to submit a corrective plan.
    (c) Corrective plans.--(1) Contents of plan. A corrective plan 
shall describe the actions the regulated entity will take to correct 
its failure to meet any one or more of the Standards, and the time 
within which each action will be taken.
    (2) Filing deadline.--(i) In general. A regulated entity must file 
a written corrective plan with FHFA within thirty (30) calendar days of 
being notified of its failure to meet a Standard, unless FHFA notifies 
the regulated entity in writing that the plan must be filed within a 
different time period.
    (ii) Other plans. If a regulated entity must file, or currently is 
operating under, a capital restoration plan submitted pursuant to 12 
U.S.C. 4622, a cease-and-desist order entered into pursuant to 12 
U.S.C. 4631 or 4632, a formal or informal agreement, or a response to a 
report of examination or report of inspection, it may, with the 
permission of FHFA, submit the corrective plan required under this 
section as part of that other plan, order, agreement or response, 
subject to the deadline in paragraph (c)(2)(i) of this section.
    (d) Amendment of corrective plan. A regulated entity that is 
operating in accordance with an approved corrective plan may submit a 
written request to FHFA to amend the plan as necessary to reflect any 
changes in circumstance. Until such time that FHFA approves a proposed 
amendment, the regulated entity must continue to operate in accordance 
with the terms of the corrective plan as previously approved.
    (e) Review of corrective plans and amendments. Within thirty (30) 
calendar days of receiving a corrective plan or proposed amendment to a 
plan, FHFA will notify the regulated entity in writing of its decision 
on the plan, will direct the regulated entity to submit additional 
information, or will notify the regulated entity that FHFA has 
established a different deadline.


Sec.  1236.5  Failure to submit a corrective plan; Noncompliance.

    (a) Remedies. If a regulated entity fails to submit an acceptable 
corrective plan under Sec.  1236.4(b), or fails to implement or 
otherwise comply with an approved corrective plan, FHFA shall order the 
regulated entity to correct that deficiency, and may:
    (1) Prohibit the regulated entity from increasing its average total 
assets, as defined in 12 U.S.C. 4516(b)(4), for any calendar quarter 
over its average total assets for the preceding calendar quarter, or 
may otherwise restrict the rate at which the average total assets of 
the regulated entity may increase from one calendar quarter to another;
    (2) Prohibit the regulated entity from paying dividends;
    (3) Prohibit the regulated entity from redeeming or repurchasing 
capital stock;
    (4) Require the regulated entity to maintain or increase its level 
of retained earnings;
    (5) Require an Enterprise to increase its ratio of core capital to 
assets, or require a Bank to increase its ratio of total capital, as 
defined in 12 U.S.C. 1426(a)(5) to assets; or
    (6) Require the regulated entity to take any other action that the 
Director determines will contribute to bringing the regulated entity 
into compliance with the Standards.
    (b) Extraordinary growth. If a regulated entity that has failed to 
submit an acceptable corrective plan or has failed to implement or 
otherwise comply with an approved corrective plan, also has experienced 
extraordinary growth within the 18 months prior to being notified by 
FHFA that it has failed to meet any of the Standards, FHFA shall impose 
at least one of the sanctions listed in paragraph (a) of this section.
    (c) Orders.--(1) Notice. Except as provided in paragraph (c)(4) of 
this section, FHFA will notify a regulated entity in writing of its 
intent to issue an order requiring the regulated entity to correct a 
deficiency under the Standards. Any such notice will include:
    (i) A statement that the regulated entity has failed to submit a 
corrective plan under Sec.  1236.4, or has not implemented or otherwise 
has not complied with an approved plan;
    (ii) A description of any sanctions that FHFA intends to impose 
and, in the case of the mandatory sanctions required by 12 U.S.C. 
4513b(b)(3), a statement that FHFA believes that the regulated entity 
has experienced extraordinary growth; and
    (iii) The proposed date when any sanctions would become effective 
or the proposed date for completion of any required actions.
    (2) Response to notice. A regulated entity may file a written 
response to a notice of intent to issue an order, which must be 
delivered to FHFA within fourteen (14) calendar days of the date of the 
notice, unless FHFA determines that a different time period is 
appropriate in light of the safety and soundness of the regulated 
entity or other relevant circumstances. The response should include:
    (i) An explanation why the regulated entity believes that the 
action proposed

[[Page 35796]]

by FHFA is not an appropriate exercise of discretion;
    (ii) Any recommended modification of the proposed order; and
    (iii) Any other relevant information, mitigating circumstances, 
documentation or other evidence in support of the position of the 
regulated entity regarding the proposed order.
    (3) Failure to file response. A regulated entity's failure to file 
a written response within the specified time period will constitute a 
waiver of the opportunity to respond and will constitute consent to 
issuance of the order.
    (4) Immediate issuance of final order. FHFA may issue an order 
requiring a regulated entity immediately to take actions to correct a 
prudential management and operations standards deficiency or take or 
refrain from taking other actions pursuant to paragraph (a) of this 
section. Within fourteen (14) calendar days of the issuance of an order 
under this paragraph, or other time period specified by FHFA, a 
regulated entity may submit a written appeal of the order to FHFA. FHFA 
will respond in writing to a timely filed appeal within sixty (60) days 
after receiving the appeal. During this period, the order will remain 
in effect unless FHFA stays the effectiveness of the order.
    (d) Request for modification or rescission of order. A regulated 
entity subject to an order under this part may submit a written request 
to FHFA for an amendment to the order to reflect a change in 
circumstance. Unless otherwise ordered by FHFA, the order shall 
continue in place while such a request is pending before FHFA.
    (e) Agency review and determination. FHFA will respond in writing 
within thirty (30) days after receiving a response or amendment 
request, unless FHFA notifies the regulated entity in writing that it 
will respond within a different time period. After considering a 
regulated entity's response or amendment request, FHFA may:
    (1) Issue the order as proposed or in modified form;
    (2) Determine not to issue the order and instead issue a different 
order; or
    (3) Seek additional information or clarification of the response 
from the regulated entity, or any other relevant source.

Appendix to Part 1236--Prudential Management and Operations Standards

Standard 1--Internal Controls and Information Systems

Responsibilities of the Board of Directors

    1. The board of directors of each regulated entity is 
responsible for ensuring that an adequate and effective system of 
internal controls is established and maintained, and that management 
includes personnel who are appropriately trained and competent to 
oversee this function.
    2. The board of directors should approve and periodically review 
the regulated entity's overall business strategies and significant 
policies.
    3. The board of directors should approve the regulated entity's 
organizational structure.
    4. The board of directors should ensure that senior management 
monitors the effectiveness of the regulated entity's internal 
controls and information systems.

Responsibilities of Senior Management

    5. Senior management should implement strategies and policies 
approved by the board of directors, and should ensure that the 
regulated entity has personnel who are appropriately trained and 
competent to carry out this function.
    6. Senior management should establish and maintain an 
organizational structure that clearly assigns responsibility, 
authority, and reporting relationships.
    7. Senior management should ensure an appropriate segregation of 
duties.
    8. Senior management should ensure that personnel are not 
assigned conflicting responsibilities.
    9. Senior management should ensure that staff carries out 
delegated responsibilities.
    10. Senior management should establish appropriate internal 
control policies.
    11. Senior management should monitor the adequacy and 
effectiveness of the regulated entity's internal controls and 
information systems.
    12. Senior management should ensure that the regulated entity's 
internal controls are monitored on an ongoing basis through a formal 
self-assessment process.

Responsibilities of the Board of Directors and Senior Management

    13. The board of directors and senior management should promote 
high ethical standards.
    14. The board of directors and senior management should 
establish a culture within the organization that emphasizes and 
demonstrates to personnel at all levels the importance of internal 
controls.
    15. The board of directors and senior management should address 
promptly any violations, findings, weaknesses, deficiencies, and 
other issues in need of remediation.

Risk Recognition and Assessment

    16. A regulated entity should have an effective risk assessment 
process.
    17. A regulated entity's risk assessment process should ensure 
that management recognizes and continually assesses all material 
risks, including credit risk, market risk, interest rate risk, 
liquidity risk, and operational risk.

Control Activities and Segregation of Duties

    18. A regulated entity should have an effective internal control 
system that defines control activities at every business level.
    19. A regulated entity's control activities should include:
    a. Board of directors and senior management reviews of progress 
toward goals and objectives;
    b. Appropriate activity controls for each business unit;
    c. Physical controls to protect property and other assets and 
limit access to property and systems;
    d. Procedures for monitoring compliance with exposure limits and 
follow-up on non-compliance;
    e. A system of approvals and authorizations for transactions 
over certain limits; and
    f. A system for verification and reconciliation of transactions.

Information and Communication

    20. A regulated entity should have information systems that 
provide relevant, accurate and timely information and data.
    21. A regulated entity should have secure information systems 
that are supported by adequate contingency arrangements.
    22. A regulated entity should have effective channels of 
communication to ensure that all personnel understand and adhere to 
policies and procedures affecting their duties and responsibilities.

Monitoring Activities and Correcting Deficiencies

    23. A regulated entity should monitor the overall effectiveness 
of its internal controls and key risks on an ongoing basis and 
ensure that business units and internal and external audit conduct 
periodic evaluations.
    24. Internal control deficiencies should be reported to senior 
management and the board of directors on a timely basis and 
addressed promptly.

Applicable Laws, Regulations, and Policies

    25. A regulated entity should comply with all applicable laws, 
regulations, and supervisory guidance (e.g., advisory bulletins) 
governing internal controls and information systems.

Standard 2--Independence and Adequacy of Internal Audit Systems

Responsibilities of the Board of Directors and Senior Management

    1. A regulated entity's board of directors should have an audit 
committee that ensures the independence of the internal audit 
function, and ensures that the internal audit department includes 
personnel who are appropriately trained and competent to oversee the 
internal audit function.
    2. The board of directors should review and approve the audit 
committee charter at least every three years.
    3. The audit committee of the board of directors is responsible 
for monitoring and evaluating the effectiveness of the regulated 
entity's internal audit function.
    4. Issues reported by the internal audit department to the audit 
committee should be promptly addressed and satisfactorily resolved.

Internal Audit Function

    5. A regulated entity should have an internal audit system that 
provides for

[[Page 35797]]

adequate monitoring of the system of internal controls.
    6. A regulated entity should have an independent and objective 
internal audit department that reports directly to the audit 
committee of the board of directors.
    7. A regulated entity's internal audit department should be 
adequately staffed with properly trained and competent personnel.
    8. The internal audit department should conduct risk-based 
audits.
    9. The internal audit department should conduct adequate testing 
and review of internal control and information systems.
    10. The internal audit department should ensure that violations, 
findings, weaknesses and other issues reported by regulators, 
external auditors, and others are promptly addressed and 
satisfactorily resolved.

Applicable Laws, Regulations, and Policies

    11. A regulated entity should comply with applicable laws, 
regulations, and supervisory guidance (e.g., advisory bulletins) 
governing the independence and adequacy of internal audit systems.

Standard 3--Management of Market Risk Exposure

Responsibilities of the Board of Directors

    1. The board of directors has ultimate responsibility for 
understanding the nature and level of the regulated entity's market 
risk exposures and should understand the possible short- and long-
term effects of those exposures on the financial health of the 
regulated entity, including the possible short- and long-term 
consequences to earnings, liquidity, and economic value.
    2. The board of directors should approve all major strategies 
and policies relating to the management of market risk and should 
ensure that the regulated entity's market risk strategy is 
consistent with its overall business plan and that senior management 
includes personnel who are appropriately trained and competent to 
oversee the management of the regulated entity's market risk 
exposure.
    3. The board of directors should establish the regulated 
entity's tolerance for market risk and provide management with clear 
guidance regarding the level of acceptable market risk.
    4. The board of directors should review the regulated entity's 
entire market risk management framework, including policies and 
entity-wide risk limits at least annually, and more frequently in 
the event of significant changes in market or financial conditions. 
The review should also include an assessment of compliance with the 
risk limits.
    5. The board of directors or a committee thereof should ensure 
that senior management has taken the steps necessary to identify, 
measure, manage, and control the regulated entity's market risk 
exposures.
    6. The board of directors or a committee thereof should ensure 
that the regulated entity's market risk policies establish lines of 
authority and responsibility for managing market risk.
    7. The board or a committee thereof should review the regulated 
entity's risk exposures on a periodic basis. The board of directors 
should ensure that management takes appropriate corrective measures 
when market risk limit violations or breaches occur.

Responsibilities of Senior Management

    8. Senior management should ensure that market risk policies and 
procedures are clearly written, sufficiently detailed, and followed, 
and should ensure that the regulated entity has personnel who are 
appropriately trained and competent to implement the policies and 
procedures related to market risk exposure.
    9. Senior management should ensure that the regulated entity has 
adequate systems and resources available to manage and control the 
regulated entity's market risk. Senior management should ensure that 
policies and procedures assign responsibility for managing the 
regulated entity's market risk limits.
    10. Senior management should ensure that the lines of authority 
and responsibility for managing market risk and monitoring market 
risk limits are clearly identified.
    11. Senior management should ensure that policies and procedures 
identify remedial actions to be taken when market risk limit 
violations occur.
    12. Senior management should regularly review and discuss with 
the board of directors information regarding the regulated entity's 
market risk exposures that is sufficient in detail and timeliness to 
permit the board of directors to understand and assess the 
performance of management with respect to the management of market 
risk.

Market Risk Strategy

    13. A regulated entity should have a clearly defined and well-
documented strategy for managing market risk. The strategy should 
specify a target account, or target accounts, for managing market 
risk (e.g., specify whether the objective is to control risk to 
earnings, net portfolio value, or some other target, or some 
combination of targets).
    14. Management should ensure that the board of directors is made 
aware of the advantages and disadvantages of the regulated entity's 
chosen market risk management strategy as well as those of 
alternative strategies so that the board of directors can make an 
informed judgment about the relative efficacy of the different 
strategies.
    15. A Bank's strategy for managing market risk should take into 
account the importance of maintaining the market value of equity of 
member stock commensurate with the par value of that stock so that 
the Bank is able to redeem and repurchase member stock at par value.
    16. A regulated entity should comply with all applicable laws, 
regulations, and supervisory guidance, (e.g., advisory bulletins) 
governing the independence and adequacy of the management of market 
risk exposure.

Standard 4--Management of Market Risk--Measurement Systems, Risk 
Limits, Stress Testing, and Monitoring and Reporting

Risk Measurement Systems

    1. A regulated entity should have a risk measurement system (a 
model or models) that capture(s) all material sources of market risk 
and provide(s) meaningful and timely measures of the regulated 
entity's risk exposures, as well as personnel who are appropriately 
trained and competent to operate and oversee the risk measurement 
system.
    2. The risk measurement system should be capable of estimating 
the effect of changes in interest rates and other key risk factors 
on the regulated entity's earnings and market value of equity over a 
range of scenarios.
    3. The measurement system should be capable of valuing all 
financial assets and liabilities in the regulated entity's 
portfolio.
    4. The measurement system should address all material sources of 
market risk including repricing risk, yield curve risk, basis risk, 
and options risk.
    5. Management should ensure the integrity and timeliness of the 
data inputs used to measure the regulated entity's market risk 
exposures, and should ensure that assumptions and parameters are 
reasonable and properly documented.
    6. The measurement system's methodologies, assumptions, and 
parameters should be thoroughly documented, understood by 
management, and reviewed on a regular basis.
    7. A regulated entity's market risk model should be upgraded 
periodically to incorporate advances in risk modeling technology.
    8. A regulated entity should have a documented approval process 
for model changes that requires model changes to be authorized by a 
party independent of the party making the change.
    9. A regulated entity should ensure that its models are 
independently validated on a regular basis.

Risk Limits

    10. Risk limits should be consistent with the regulated entity's 
strategy for managing interest rate risk and should take into 
account the financial condition of the regulated entity, including 
its capital position.
    11. Risk limits should address the potential impact of changes 
in market interest rates on net interest income, net income, and the 
regulated entity's market value of equity.

Stress Testing

    12. A regulated entity should conduct stress tests on a regular 
basis for a variety of institution-specific and market-wide stress 
scenarios to identify potential vulnerabilities and to ensure that 
exposures are consistent with the regulated entity's tolerance for 
risk.
    13. A regulated entity should use stress test outcomes to adjust 
its market risk management strategies, policies, and positions and 
to develop effective contingency plans.
    14. Special consideration should be given to ensuring that 
complex financial instruments, including instruments with complex 
option features, are properly valued under stress scenarios and that 
the risks associated with options exposures are properly understood.
    15. Management should ensure that the regulated entity's board 
of directors or a

[[Page 35798]]

committee thereof considers the results of stress tests when 
establishing and reviewing its strategies, policies, and limits for 
managing and controlling interest rate risk.
    16. The board of directors and senior management should review 
periodically the design of stress tests to ensure that they 
encompass the kinds of market conditions under which the regulated 
entity's positions and strategies would be most vulnerable.

Monitoring and Reporting

    17. A regulated entity should have an adequate management 
information system for reporting market risk exposures.
    18. The board of directors, senior management, and the 
appropriate line managers should be provided with regular, accurate, 
informative, and timely market risk reports.

Applicable Laws, Regulations, and Policies

    19. A regulated entity should comply with all applicable laws, 
regulations, and supervisory guidance (e.g., advisory bulletins) 
governing the management of market risk.

Standard 5--Adequacy and Maintenance of Liquidity and Reserves

Responsibilities of the Board of Directors

    1. The board of directors should approve, at least annually, all 
major strategies and policies governing the adequacy, maintenance, 
and management of liquidity and reserves, and should ensure that 
senior management includes persons who are appropriately trained and 
competent to oversee the management of the regulated entity's 
liquidity and reserves.
    2. The board of directors should ensure that the regulated 
entity's liquidity is managed in accordance with approved 
strategies, policies, and procedures.

Responsibilities of Senior Management

    3. Senior management should develop strategies, policies, and 
practices to manage liquidity risk to ensure that the regulated 
entity maintains sufficient liquidity, and should ensure that the 
regulated entity has personnel who are appropriately trained and 
competent to oversee the management of the regulated entity's 
liquidity and reserves.
    4. Senior management should provide the board of directors with 
periodic reports on the regulated entity's liquidity position.

Policies, Practices, and Procedures

    5. A regulated entity should establish a liquidity management 
framework that ensures it maintains sufficient liquidity to 
withstand a range of stressful events.
    6. A regulated entity should articulate a liquidity risk 
tolerance that is appropriate for its business strategy and its 
mission goals and objectives.
    7. A regulated entity should have a sound process for 
identifying, measuring, monitoring, controlling, and reporting its 
liquidity position and its liquidity risk exposures.
    8. A regulated entity should establish a funding strategy that 
provides effective diversification in the sources and tenor of 
funding.
    9. A regulated entity should conduct stress tests on a regular 
basis for a variety of institution-specific and market-wide stress 
scenarios to identify sources of potential liquidity strain and to 
ensure that current exposures remain in accordance with each 
regulated entity's established liquidity risk tolerance.
    10. A regulated entity should use stress test outcomes to adjust 
its liquidity management strategies, policies, and positions and to 
develop effective contingency plans.
    11. A regulated entity should have a formal contingency funding 
plan that clearly sets out the strategies for addressing liquidity 
shortfalls in emergencies. Where practical, contingent funding 
sources should be tested or drawn on periodically to assess their 
reliability and operational soundness.
    12. A regulated entity should maintain adequate reserves of 
liquid assets, including adequate reserves of unencumbered, 
marketable securities that can be liquidated to meet unexpected 
needs.

Applicable Laws, Regulations, and Policies

    13. A regulated entity should comply with all applicable laws, 
regulations, and supervisory guidance (e.g., advisory bulletins) 
governing the adequacy and maintenance of liquidity and reserves.

Standard 6--Management of Asset and Investment Portfolio Growth

Responsibilities of the Board of Directors and Senior Management

    1. The board of directors is ultimately responsible for ensuring 
that each regulated entity manages its asset growth and investment 
portfolio growth in a prudent manner, and ensuring that senior 
management includes persons who are appropriately trained and 
competent to oversee the management of the regulated entity's growth 
in those areas.
    2. The board of directors of each regulated entity should 
establish policies governing the regulated entity's assets and 
investment growth, including policies that establish prudential 
limits on the growth of mortgages and mortgage-backed securities. 
The board of directors should review such policies at least 
annually.
    3. Senior management should adhere to board-approved policies 
governing asset growth and investment portfolio growth, and should 
ensure that the regulated entity includes personnel who are 
appropriately trained and competent to manage the growth of the 
assets and investment portfolio.
    4. A regulated entity should manage asset growth and investment 
growth in a manner that is consistent with the regulated entity's 
business strategy, board-approved policies and risk tolerances, and 
safe and sound operations.
    5. A regulated entity should manage asset growth and investment 
growth in a way that is compatible with mission goals and 
objectives.

Applicable Laws, Regulations, and Policies

    6. A regulated entity should manage investments and acquisition 
of assets in a way that complies with all applicable laws, 
regulations, and supervisory guidance (e.g., advisory bulletins).

Standard 7--Investments and Acquisitions of Assets

    Responsibilities of the Board of Directors and Senior Management
    1. The board of directors is ultimately responsible for ensuring 
that the regulated entity manages its investments and acquisitions 
in a prudent manner, and for ensuring that senior management 
includes persons who are appropriately trained and competent to 
oversee the regulated entity's investments and acquisitions.
    2. The board of directors should approve and periodically review 
the regulated entity's policies governing investments and 
acquisitions of other assets.
    3. A regulated entity should have an investment policy that 
establishes clear and explicit guidelines that are appropriate to 
the regulated entity's mission and objectives. The investment policy 
should establish the regulated entity's investment objectives, risk 
tolerances, investment constraints, and policies and procedures for 
selecting investments.
    4. A regulated entity should have a board-approved policy 
governing acquisitions of other assets (i.e., assets other than 
investments). The policy should establish clear and explicit 
guidelines for asset acquisitions that are appropriate to the 
regulated entity's mission and objectives.
    5. A regulated entity should manage investments and acquisitions 
of assets in a manner that is consistent with mission goals and 
objectives.
    6. The board of directors of each Bank should ensure that the 
Bank's investment policies and acquisition of assets take into 
account the importance of maintaining the market value of member 
stock commensurate with the par value of that stock so that the Bank 
is able to redeem and repurchase member stock at par value at all 
times.

Applicable Laws, Regulations, and Policies

    7. A regulated entity should manage investments and acquisitions 
of assets in a way that complies with all applicable laws, 
regulations, and supervisory guidance (e.g., advisory bulletins).

Standard 8--Overall Risk Management Processes

Responsibilities of the Board of Directors

    1. The board of directors is ultimately responsible for the 
regulated entity's risk management processes, and for ensuring that 
senior management includes persons who are appropriately trained and 
competent to oversee the regulated entity's risk management process.
    2. The board of directors, or a risk committee of the board, 
should ensure that the requisite processes are in place to identify, 
manage, monitor, and control the regulated entity's risk exposures 
on a business unit and an enterprise-wide basis.
    3. The board of directors should approve all major risk limits 
of the regulated entity.
    4. The board of directors should ensure incentive compensation 
measures for senior management capture a full range of risks to 
which the regulated entity is exposed, and compensation is not tied 
solely to operating

[[Page 35799]]

efficiency measures, such as profits, dividends, or costs in 
isolation.

Responsibilities of the Board and Senior Management

    5. The board of directors and senior management should take an 
active role in establishing and sustaining an organizational 
awareness and culture that promotes effective enterprise risk 
management.
    6. The board of directors and senior management should be 
provided with accurate, timely, and informative risk reports on a 
regular basis that provide an overview of the regulated entity's 
overall risk profile, including its exposures to market, credit, 
liquidity, and operational risks and any concentration of risk.
    7. The board of directors and senior management should ensure 
that the regulated entity's overall risk profile is aligned with its 
mission objectives.
    8. The board of directors and senior management should ensure 
that the regulated entity performs a comprehensive risk self-
assessment, on an annual basis, to identify and evaluate all 
material risks.

Independent Risk Management Function

    9. A regulated entity should have an independent risk management 
function, or unit, with responsibility for risk measurement and risk 
monitoring, including monitoring and enforcement of risk limits.
    10. The chief risk officer should head the risk management 
function.
    11. The chief risk officer should report directly to the chief 
executive officer or the risk committee of the board of directors. 
If the chief risk officer reports to the chief executive officer, 
he/she should also have a direct and independent reporting 
relationship with the risk committee of the board of directors.
    12. The risk management function should have adequate resources, 
including a well-trained and capable staff.

Risk Measurement, Monitoring, and Control

    13. A regulated entity should measure, monitor, and control its 
overall risk exposures, reviewing market, credit, liquidity, and 
operational risk exposures on both a business unit (or business 
segment) and enterprise-wide basis.
    14. A regulated entity should have the risk management systems 
to generate, at an appropriate frequency, the information needed to 
manage risk. Such systems should include systems for market, credit, 
operational, and liquidity risk analysis, asset and liability 
management, regulatory reporting, and performance measurement.
    15. A regulated entity should have a comprehensive set of risk 
limits and monitoring procedures to ensure that risk exposures 
remain within established risk limits, and a mechanism for reporting 
violations and breaches of risk limits to senior management and the 
board of directors.
    16. A regulated entity should ensure that it has sufficient 
controls around risk measurement models to ensure the completeness, 
accuracy, and timeliness of risk information.
    17. A regulated entity should have adequate and well-tested 
disaster recovery and business resumption plans for all major 
systems and have remote facilitates to limit the impact of 
disruptive events.

Applicable Laws, Regulations, and Policies

    18. A regulated entity should comply with all applicable laws, 
regulations, and supervisory guidance (e.g., advisory bulletins) 
governing the management of risk.

Standard 9--Management of Credit and Counterparty Risk

Responsibilities of the Board of Directors and Senior Management

    1. The board of directors and senior management are responsible 
for ensuring that the regulated entity has credit risk management 
policies, procedures, and systems that are appropriate to its 
business model and that cover all aspects of credit administration 
including credit pricing, underwriting, credit limits, collateral 
standards, and collateral valuation procedures.
    2. The board of directors and senior management should ensure 
that the regulated entity has appropriate policies and procedures 
governing derivatives and the use of clearinghouses and exchanges 
for derivatives trades.
    3. The board of director and senior management should ensure 
that the regulated entity has personnel that are appropriately 
trained and competent to manage credit and counterparty risk, and 
that they have the necessary tools, procedures, and systems for 
assessing credit and counterparty risk.
    4. Senior management should provide its board of directors with 
regular briefings and reports on the regulated entity's credit 
exposures, including information on concentrations of credit, the 
level and trends in delinquencies and problem credits, and 
management efforts to address problem credits. Such briefings and 
reports should include the results of scenario analysis and stress 
tests and their effects on delinquencies and other key financial 
ratios.

Policies, Procedures, Controls, and Systems

    5. A regulated entity should have policies that limit 
concentrations of credit risk and systems to identify concentrations 
of credit risk.
    6. A regulated entity should establish prudential limits to 
restrict exposures to a single counterparty that are appropriate to 
its business model.
    7. A regulated entity should establish prudential limits to 
restrict exposures to groups of related counterparties that are 
appropriate to its business model.
    8. A regulated entity should have policies, procedures, and 
systems for evaluating credit risk that will enable it to make 
informed credit decisions.
    9. A regulated entity should have policies, procedures, and 
systems for evaluating credit risk that will enable it to ensure 
that claims are legally enforceable.
    10. A regulated entity should have policies and procedures for 
addressing problem credits.
    11. A regulated entity should have a system of independent, 
ongoing credit review, including stress test