Corporate Credit Unions, 17288-17299 [2020-03837]

Download as PDF 17288 Proposed Rules Federal Register Vol. 85, No. 60 Friday, March 27, 2020 This section of the FEDERAL REGISTER contains notices to the public of the proposed issuance of rules and regulations. The purpose of these notices is to give interested persons an opportunity to participate in the rule making prior to the adoption of the final rules. NATIONAL CREDIT UNION ADMINISTRATION 12 CFR Part 704 RIN 3133–AF13 Corporate Credit Unions National Credit Union Administration (NCUA). ACTION: Proposed rule. AGENCY: The NCUA Board (Board) is seeking comment on a proposed rule that would amend the NCUA’s corporate credit union regulation. The proposed rule would update, clarify, and simplify several provisions of the NCUA’s corporate credit union regulation, including: Permitting a corporate credit union to make a minimal investment in a credit union service organization (CUSO) without the CUSO being classified as a corporate CUSO under the NCUA’s rules; expanding the categories of senior staff positions at member credit unions eligible to serve on a corporate credit union’s board; amending the minimum experience and independence requirement for a corporate credit union’s enterprise risk management expert; and requiring a corporate credit union to deduct certain investments in subordinated debt instruments issued by natural person credit unions. DATES: Comments must be received by May 26, 2020. ADDRESSES: You may submit written comments, identified by RIN 3133– AF13, by any of the following methods (Please send comments by one method only): • Federal eRulemaking Portal: http:// www.regulations.gov. Follow the instructions for submitting comments. • Fax: (703) 518–6319. Include ‘‘[Your Name]—Comments on Proposed Rule: Corporate Credit Unions’’ in the transmittal. • Mail: Address to Gerard Poliquin, Secretary of the Board, National Credit Union Administration, 1775 Duke khammond on DSKJM1Z7X2PROD with PROPOSALS SUMMARY: VerDate Sep<11>2014 15:54 Mar 26, 2020 Jkt 250001 Street, Alexandria, Virginia 22314– 3428. • Hand Delivery/Courier: Same as mail address. Public Inspection: You may view all public comments on the Federal eRulemaking Portal at http:// www.regulations.gov as submitted, except for those we cannot post for technical reasons. The NCUA will not edit or remove any identifying or contact information from the public comments submitted. You may inspect paper copies of comments in the NCUA’s law library at 1775 Duke Street, Alexandria, Virginia 22314, by appointment weekdays between 9:00 a.m. and 3:00 p.m. To make an appointment, call (703) 518–6546, or send an email to OGCMail@ncua.gov. FOR FURTHER INFORMATION CONTACT: Policy and Analysis: Robert Dean, National Supervision Analyst, Office of National Examinations and Supervision, (703) 518–6652; Legal: Rachel Ackmann, Senior Staff Attorney, Office of General Counsel, (703) 548–2601; or by mail at National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314. SUPPLEMENTARY INFORMATION: I. Introduction a. Legal Authority and Background The Board is issuing this rule pursuant to its authority under the Federal Credit Union Act (FCU Act).1 Under the FCU Act, the NCUA is the chartering and supervisory authority for Federal credit unions (FCUs) and the federal supervisory authority for federally insured credit unions (FICUs). The FCU Act grants the NCUA a broad mandate to issue regulations governing both FCUs and FICUs. Section 120 of the FCU Act is a general grant of regulatory authority and authorizes the Board to prescribe regulations for the administration of the FCU Act.2 Section 209 of the FCU Act is a plenary grant of regulatory authority to the NCUA to issue regulations necessary or appropriate to carry out its role as share insurer for all FICUs.3 The FCU Act also includes an express grant of authority for the Board to subject federally chartered central, or corporate, credit 1 12 U.S.C. 1751 et seq. U.S.C. 1766(a). 3 12 U.S.C. 1789. 2 12 PO 00000 Frm 00001 Fmt 4702 Sfmt 4702 unions to such rules, regulations, and orders as the Board deems appropriate.4 Part 704 of the NCUA’s regulations implements the requirements of the FCU Act regarding corporate credit unions.5 In 2010, the Board comprehensively revised the regulations governing corporate credit unions to provide longer-term structural enhancements to the corporate system in response to the financial crisis of 2007–2009.6 The provisions of the 2010 rule successfully stabilized the corporate system and improved corporate credit unions’ ability to function and provide services to natural person credit unions. Since 2010, and as part of the Board’s continuous reevaluation of its regulation of corporate credit unions, the Board has amended part 704 on several occasions.7 Part 704 was last amended in 2017, when the Board amended corporate credit union capital standards to change the calculation of capital after a consolidation and to set a retained earnings ratio target in meeting prompt corrective action (commonly referred to as PCA) standards.8 b. Regulatory Review The NCUA reviews all of its existing regulations every three years. The NCUA’s Office of General Counsel maintains a rolling review schedule that identifies one-third of its existing regulations for review each year and provides notice to the public of those regulations under review so the public may have an opportunity to comment. Part 704 was part of the Office of General Counsel’s 2019 annual regulatory review.9 The Board received several comments on updating part 704 as part of the 2019 annual regulatory review. II. Proposed Rule The Board proposes to update, clarify, and simplify several provisions of part 704. Specifically, the proposed rule would: (1) Permit a corporate credit union to make a minimal investment in a CUSO without the CUSO being 4 12 U.S.C. 1766(a). CFR part 704. 6 75 FR 64786 (Oct. 20, 2010). 7 See e.g., 80 FR 25932 (May 6, 2015), 80 FR 57283 (Sept. 23, 2015), and 82 FR 55497 (Nov. 22, 2017). 8 82 FR 55497 (Nov. 22, 2017). 9 See, https://www.ncua.gov/regulationsupervision/rules-regulations/regulatory-review. 5 12 E:\FR\FM\27MRP1.SGM 27MRP1 Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules khammond on DSKJM1Z7X2PROD with PROPOSALS classified as a corporate CUSO and subject to heightened NCUA oversight; (2) expand the categories of senior staff positions at member credit unions eligible to serve on a corporate credit union’s board; (3) remove the experience and independence requirement for a corporate credit union’s enterprise risk management expert; (4) clarify the treatment of an investment in a subordinated debt instrument of a natural person credit union; (5) codify the current list of permissible activities for a corporate CUSO; (6) clarify the definition of a collateralized debt obligation; and (7) simplify the requirement for net interest income modeling. Each proposed change is discussed in detail below. A. Minimal Investment in Natural Person CUSOs Part 704 includes specific regulations for a corporate credit union’s investment and lending activity and permits a corporate credit union to invest in and lend to a corporate CUSO. A corporate CUSO is defined as an entity that is at least partly owned by a corporate credit union; primarily serves credit unions; restricts its services to those related to the normal course of business of credit unions; 10 and is structured as a corporation, limited liability company, or limited partnership under state law.11 Similar to natural person credit union service organizations (NP CUSOs), the Board cannot regulate corporate CUSOs directly, but it can, for safety and soundness reasons, regulate the types of investments that corporate credit unions make and whether a corporate credit union may invest in a CUSO. Part 704 includes several prudential requirements to ensure corporate credit union investment in and lending to corporate CUSOs is safe and sound. For example, part 704 regulates aggregate corporate credit union investment in and lending to corporate CUSOs. Part 704 also includes customer base requirements, permissible activities, accounting and audit standards, and requires NCUA access to corporate CUSO facilities, books, and records. In general, many of the prudential standards for corporate CUSOs are more restrictive than the standards for NP CUSOs.12 The Board has historically 10 See, 12 CFR 704.11(e). CFR 704.11(a). 12 For example, the permissible activities for a corporate CUSO are more limited than the permissible activities for a NP CUSO. A corporate CUSO may seek Board permission to engage in additional activities, but the process can be burdensome. In addition, corporate CUSOs are also subject to more rigorous NCUA oversight. A 11 12 VerDate Sep<11>2014 15:54 Mar 26, 2020 Jkt 250001 imposed more restrictive standards for corporate CUSOs as they may serve hundreds or even thousands of natural person credit unions and pose unique systemic risk.13 Additionally, core functions of corporate credit unions that pose systemic risk could be moved to corporate CUSOs. The Board has expressed concern that the movement of these core functions to entities that are not directly regulated by the NCUA could increase the systemic risk associated with corporate CUSOs, and the Board wants to ensure it has a degree of oversight and control of these activities.14 As stated above, a corporate CUSO is defined as an entity that is at least partly owned by a corporate credit union; primarily serves credit unions; restricts its services to those related to the normal course of business of credit unions; and is structured as a corporation, limited liability company, or limited partnership under state law.15 The definition is broad and includes no exception for de minimus, noncontrolling equity investments. Accordingly, any corporate credit union equity interest in a CUSO, regardless of how small a share of the CUSO the corporate credit union owns, is sufficient to designate the CUSO as a corporate CUSO and subject it to additional requirements under part 704. The proposed rule would amend the definition of corporate CUSO so that a corporate credit union could make a de minimus, non-controlling investment in a NP CUSO without the CUSO being deemed a corporate CUSO. The Board has reconsidered its position that any corporate credit union investment in a CUSO must be subject to enhanced standards under part 704. The Board believes that a corporate credit union’s non-controlling investment would not pose the same systemic risks to the credit union system as a controlling investment. It is unlikely that a corporate credit union would move its essential functions into a non-controlled CUSO. The Board has also considered the benefits of permitting corporate credit corporate CUSO must agree to give the NCUA complete access to its personnel, facilities, equipment, books, records, and other documentation that the NCUA deems pertinent. In contrast, NP CUSOs must provide the NCUA with complete access to its books and records and the ability to review its internal controls, as deemed necessary by the NCUA. Finally, corporate CUSOs must provide quarterly financial statements to the corporate credit union. In contrast, NP CUSOs must prepare quarterly financial statements, but do not have to provide the statements to FCUs. 13 74 FR 65210 (Dec. 9, 2009). 14 Id. 15 12 CFR 704.11(a). PO 00000 Frm 00002 Fmt 4702 Sfmt 4702 17289 unions to make de minimus, noncontrolling investments in NP CUSOs. Compared to corporate CUSOs, NP CUSOs are permitted to engage in a broader range of permissible activities and services. Consequently, NP CUSOs are often a source of collaboration and innovation among FICUs that may result in the origination of new products and services. To compete effectively in today’s technology-based financial service market, FICUs may need to rely increasingly on pooling their resources to fund CUSOs and to build the necessary infrastructure. The costs for research and development, acquisition, implementation, and specialized staff capable of managing these new technologies may be prohibitive for all but a very few of the largest FICUs. CUSOs may provide the means for FICUs to collectively address these challenges and may enable FICUs to collaboratively develop technologies that better serve their members. Without the opportunity to invest in NP CUSOs, a corporate credit union may be restricted in its ability to participate in this process. The Board believes that by expanding corporate credit union investment authorities, while still maintaining necessary safeguards, corporate credit unions will be in a better position to participate in the development of new products and services. NP CUSOs would also benefit from a larger pool of potential investors, which may enable further research and development during this period of rapid technological growth. In addition to amending the definition of corporate CUSO to permit de minimus, non-controlling investments in NP CUSOs, the proposed rule would also make several conforming amendments to part 704. The specific details of the proposed amendments are discussed below. § 704.2 Definitions Consolidated credit union service organization. Generally, consolidated CUSOs are those majority-owned by a corporate credit union. The proposed rule would amend the definition of consolidated CUSO to use the newly defined term ‘‘CUSO’’ for clarity. Under the proposed rule, a consolidated CUSO would mean any CUSO the assets of which are consolidated with those of the corporate credit union for purposes of reporting under Generally Accepted Accounting Principles (GAAP). Corporate CUSO. As discussed above, the proposed rule would amend the definition of a corporate CUSO. Under the proposed rule, a CUSO would be designated as a corporate CUSO only if one or more corporate credit unions E:\FR\FM\27MRP1.SGM 27MRP1 17290 Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules have a controlling interest. A corporate credit union would be considered to have a controlling interest if: (1) The CUSO is consolidated on a corporate credit union’s balance sheet; (2) a corporate credit union has the power, directly or indirectly, to direct the CUSO’s management or policies; or (3) a corporate credit union owns 25 percent or more of the CUSO’s contributed equity, stock, or membership interests.16 A CUSO would also be designated as a corporate CUSO if the aggregate corporate credit union ownership of all corporates investing in the CUSO meets or exceeds 50 percent of the CUSO’s contributed equity, stock, or membership interests. The Board is concerned that if several corporate credit unions have a majority ownership interest in a CUSO, the CUSO could present the same risk to the credit union system as a CUSO that is controlled by one corporate credit union. If any of these four conditions are met, then the CUSO would meet the definition of a corporate CUSO and be subject to additional requirements under part 704. The definition of corporate CUSO would also be moved to § 704.2 for consistency with the location of other definitions in part 704. Credit Union Service Organization (CUSO). The proposed rule would define the term CUSO for purposes of part 704. Under the proposed rule, a CUSO would mean both a NP CUSO under part 712 and a corporate CUSO under part 704.11. The proposed definition makes it clear that the term CUSO applies to both NP CUSOs and corporate CUSOs unless otherwise stated. For example, when calculating tier 1 capital under part 704, a corporate credit union must deduct, in part, investments in any ‘‘unconsolidated CUSO.’’ By using the term ‘‘CUSO,’’ instead of the defined terms ‘‘corporate CUSO’’ and ‘‘consolidated CUSO,’’ the proposed rule should be clear that a corporate credit union must deduct unconsolidated investments in both a NP CUSO and a corporate CUSO. khammond on DSKJM1Z7X2PROD with PROPOSALS §§ 704.5 Investments, 704.6 Credit Risk Management, and 704.7 Lending The proposed rule would remove references to corporate CUSOs and instead refer to the general term CUSO because those provisions would continue to apply to a corporate credit union investing in and lending to both NP CUSOs and corporate CUSOs, as explained in detail below in the 16 The proposed definition is related to the definition of control in the Federal Deposit Insurance Act for notices filed under the Change in Bank Control Act. 12 U.S.C. 1817(j). VerDate Sep<11>2014 15:54 Mar 26, 2020 Jkt 250001 discussion of the proposed changes to § 704.11. § 704.11 Credit Union Service Organizations (CUSOs) Under the proposed rule, § 704.11 would be reorganized for clarity, however, the substantive requirements for corporate CUSOs would not be amended. The intent of the reorganization is to be clear that certain requirements apply to a corporate credit union’s investment in or lending to both NP CUSOs and corporate CUSOs, certain requirements apply only to NP CUSOs, and other requirements apply only to corporate CUSOs. The proposed rule sets forth the requirements for all corporate credit union investments in or lending to CUSOs. The proposed rule, in § 704.11(a), states that the aggregate investment and lending limits apply regardless of whether a corporate credit union’s investment or loan is to a NP CUSO or a corporate CUSO. The proposed rule does not amend the current aggregate limitations on investments and lending.17 A corporate credit union that has already invested in or loaned the maximum permitted under the current rule would not be authorized to invest or lend any additional money. Instead, such a corporate credit union would have to reallocate its investments or loans if it seeks to make any new investments that are prohibited. In § 704.11(b), the proposed rule states that all corporate credit union loans to CUSOs are subject to due diligence requirements.18 The proposed rule, as does the current rule, would require corporate credit unions to comply with certain due diligence requirements from the NCUA’s member business loans rule before making a loan to a CUSO. Under the proposed rule, corporate credit unions would be subject to the commercial loan policy and due diligence requirements in the 17 12 CFR 704.11(b). In general, the aggregate of all investments in corporate CUSOs that a corporate credit union may make must not exceed 15 percent of a corporate credit union’s total capital. The aggregate of all investments in and loans to corporate CUSOs that a corporate credit union may make must not exceed 30 percent of a corporate credit union’s total capital. A corporate credit union may lend to corporate CUSOs an additional 15 percent of total capital if the loan is collateralized by assets in which the corporate has a perfected security interest under state law. 18 12 CFR 704.11(c). The current rule includes a cross-reference to due diligence requirements in the member business loan rule. The member business loan rule, however, was updated in 2015 and the cross-referenced requirements have been removed. Accordingly, the proposed rule would update the cross references to reflect the revised member business loan rule. PO 00000 Frm 00003 Fmt 4702 Sfmt 4702 NCUA’s member business loans rule 19 for lending to both NP CUSOs and corporate CUSOs. The board-approved policy must ensure corporate credit union lending activities are performed in a safe and sound manner by providing for ongoing control, measurement, and management of CUSO lending. The policy should also include qualifications and experience requirements for personnel involved in underwriting, processing, approving, administering, and collecting loans to CUSOs. The corporate credit union must also have a loan approval process, underwriting standards and risk management processes commensurate with the size, scope and complexity of its CUSO lending. The Board believes these due diligence requirements are the minimum requirements necessary to ensure that corporate credit unions are engaging in safe and sound lending practices. The requirements should not place a new burden on corporate credit unions because any corporate credit union that is currently making a loan to a corporate CUSO should be following these basic safety and soundness principles. In § 704.11(c), the proposed rule would set forth the regulations governing corporate credit union investment in and lending to NP CUSOs. The proposed rule would state that corporate credit union investment in and lending to NP CUSOs are generally subject to part 712 of this chapter. The intent of this section is to be clear that a CUSO is either governed under part 704 as a corporate CUSO, as discussed below, or subject to part 712 as a NP CUSO. A corporate credit union investment in a CUSO of a statechartered natural person credit union would also be subject to the requirements in part 712. In § 704.11(d), the proposed rule, like the current rule, would include safety and soundness requirements for corporate credit union investments in and loans to corporate CUSOs. In general, the proposed rule does not make any substantive changes to the existing prudential requirements. The requirements have been reorganized for clarity and as part of the general restructuring of § 704.11, but are not otherwise substantively amended.20 Finally, in § 704.11(e), the proposed rule would include one new prudential requirement for corporate credit union investments in and loans to corporate CUSOs. The proposed rule states that 19 12 CFR 723.4. proposed rule would include a few nonsubstantive language changes that are only intended to streamline the provision and enhance clarity. 20 The E:\FR\FM\27MRP1.SGM 27MRP1 Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules any subsidiary of a corporate CUSO would be automatically designated a corporate CUSO. The proposed rule also would provide that all tiers or levels of a corporate CUSO’s structure are subject to the requirements for corporate CUSOs. The Board believes this level of oversight is necessary for all tiers of a corporate CUSO because corporate CUSOs affect not only the health of the investing corporate credit union, but also the health of the credit union system as a whole. Many corporate CUSOs serve natural person credit unions directly. As stated previously, the Board has historically been concerned that some activities might migrate from corporate credit unions to CUSOs and their subsidiaries, and the Board needs to ensure each layer in the corporate structure is subject to certain minimal prudential requirements. khammond on DSKJM1Z7X2PROD with PROPOSALS § 704.19 Disclosure of Executive Compensation Section 704.19 currently requires that each corporate credit union annually prepare and maintain a document that discloses the compensation of certain employees, including compensation received from a corporate CUSO.21 The proposal would amend § 704.19 to require that employee compensation from either a NP CUSO or a corporate CUSO must be reported. The Board notes that under the current rule to facilitate this disclosure, § 704.11(g) requires a corporate CUSO to disclose compensation paid to any employees that are also employees of a corporate credit union lending to, or investing in, the CUSO. This provision places the burden of disclosure on the corporate CUSO. The proposed rule, however, would not include a similar requirement for NP CUSOs.22 Accordingly, the dual employee would be required to disclose his or her compensation from the NP CUSO for the corporate credit union to make the required disclosure. B. Corporate Credit Union Board Representation Section 704.14 currently requires that at least a majority of a corporate credit union’s board members must serve on the corporate credit union’s board as a representative of a member credit union.23 In addition, any candidate for a position on the board of a corporate 21 12 CFR 704.19(a). Board notes, however, that part 712 prohibits officials and senior management employees, and their immediate family members of an FCU with an outstanding loan or investment from receiving any salary, commission, investment income, or other income or compensation from the CUSO, either directly or directly. 12 CFR 712.8. 23 12 CFR 704.14. 22 The VerDate Sep<11>2014 15:54 Mar 26, 2020 Jkt 250001 credit union must hold a senior management position at a member credit union and hold that position at the time he or she is seated on the board of a corporate credit union. Currently, only an individual who holds the position of chief executive officer, chief financial officer, chief operating officer, or treasurer/manager at a member credit union, and will hold that position at the time he or she is seated on the corporate credit union board if elected, may seek election or re-election to the corporate credit union board. The proposed rule would expand the credit union officials eligible to serve on a corporate credit union board. The proposed rule would no longer expressly limit the corporate credit union board to the above stated positions and instead would include any person in a senior staff position at a member credit union. The proposed rule would then list the current positions as examples of senior staff positions that are eligible to serve on a corporate credit union board. The proposed rule also would include two new positions, chief information officer and chief risk officer, in the list of examples of senior staff positions eligible to serve on a corporate credit union board. The Board believes that officials who hold a senior management position at a member credit union are qualified individuals who could offer expertise as a corporate credit union board member. Not only would the corporate credit union members have more flexibility in choosing board members, but expanding eligible senior staff positions, such as chief information officer and chief risk officer, would widen the range of expertise on corporate credit union boards. C. Enterprise Risk Management Section 704.21 requires corporate credit unions to develop and follow an enterprise risk management policy.24 A corporate credit union must also establish an enterprise risk management committee (ERMC) and include an independent risk management expert on the committee. The Board adopted these requirements in 2011 due to concerns that corporate credit unions were not adequately focused on the aggregation of exposures across entire institutions, even though the Board believed that corporate credit unions were adequately focused on individual risk exposures.25 The current rule includes several specific requirements regarding the independent risk management expert on the committee. The risk management expert must have at least five years of experience in identifying, assessing, and managing risk exposures.26 This experience must be commensurate with the size of the corporate credit union and the complexity of its operations. In addition, the current rule provides what constitutes independence. A risk management expert qualifies as independent if: (1) The expert reports to the ERMC and to the corporate credit union’s board of directors; (2) neither the expert, nor any immediate family member of the expert, is supervised by or has any material business or professional relationship with the chief executive officer (CEO) of the corporate credit union, or anyone directly or indirectly supervised by the CEO; and (3) neither the expert, nor any immediate family member of the expert, has had any of the previously described relationships for at least the past three years.27 The Board specifically included experience and independence requirements to ensure the enterprise risk management expert is adequately qualified and not influenced by the operational side of the corporate credit union.28 The Board, however, no longer believes that it is necessary for prescriptive experience requirements and for the risk management expert to be independent of the corporate credit union. The Board believes the corporate credit union should have more discretion in choosing an adequate risk management expert. The Board does not believe that a prescriptive five-year experience requirement is necessary. The Board believes that corporate credit unions are in the best position to determine the appropriate level of experience necessary for the position. The proposed rule also would permit the risk management expert to report directly to the ERMC. Additionally, the Board believes that the effectiveness of risk management practices is driven by a multitude of factors, to include policies, processes, and qualified knowledge. Many corporate credit unions have integrated their enterprise risk management function into their business decision making, and at many corporate credit unions, internal corporate staff possess the skills and experience to capably manage the enterprise risk management program. By and large, corporate credit unions have improved their ability to assess risk and effectively challenge 24 12 26 12 25 76 27 12 CFR 704.21. FR 23861 (Apr. 29, 2011) and 80 FR 25932 (May 6, 2015). PO 00000 Frm 00004 Fmt 4702 Sfmt 4702 17291 CFR 704.21(c). CFR 704.21(d). 28 76 FR 23861 (Apr. 29, 2011). E:\FR\FM\27MRP1.SGM 27MRP1 17292 Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules evaluations of risk since the current rule was first adopted. The proposed rule would provide the corporate credit unions flexibility to choose an internal risk management expert instead of engaging an outside consultant. The Board, however, notes that even though independence is no longer an explicit requirement, for best enterprise risk management practices, the expert should have appropriate stature and authority to effectively manage and lead an enterprise risk management program. The expert must be competent to analyze risks across the institution and have the capability to communicate those risks to the board or ERMC despite potential influence from the operational side of the corporate credit union. The NCUA will evaluate the adequacy of a corporate credit union’s enterprise risk management practices through the supervisory process. Sound risk management is a cornerstone responsibility of a credit union’s leadership; therefore, CAMEL and risk ratings will incorporate the supervisory team’s assessment of this area. Weaknesses in risk management may result in supervisory actions. khammond on DSKJM1Z7X2PROD with PROPOSALS D. Natural Person Credit Union Subordinated Debt Instruments The Board recently issued a proposed rule to permit low-income designated credit unions, complex credit unions, and new credit unions to issue subordinated debt instruments for purposes of regulatory capital treatment (subordinated debt NPR).29 If the Board adopts the proposed rule as final, it expects additional credit unions to begin issuing subordinated debt instruments. Therefore, the Board believes it is necessary to clarify whether corporate credit unions may purchase such instruments and, if so, the treatment of the investments under part 704. This proposed rule would create a new definition for the term natural person credit union subordinated debt instrument. The proposed rule would define a natural person credit union subordinated debt instrument as any debt instrument issued by a natural person credit union that is subordinate to all other claims against the credit union, including the claims of creditors, shareholders, and either the National Credit Union Share Insurance Fund (NCUSIF) or the insurer of a privately insured credit union. The Board intends for this definition to include all 29 Available at, https://www.ncua.gov/files/ publications/regulations/proposed-rulesubordinated-debt.pdf (Feb. 7, 2020). VerDate Sep<11>2014 15:54 Mar 26, 2020 Jkt 250001 instruments issued under the subordinated debt NPR. The Board is clarifying that corporate credit unions may purchase subordinated debt instruments of natural person credit unions under a corporate credit union’s lending authority. This authority is derived from their lending authority because subordinated debt instruments are issued under a natural person credit union’s borrowing authority. Additionally, natural person credit unions are also permitted to, subject to various restrictions and limits, purchase such subordinated debt instruments from other natural person credit unions under their lending authority. Treating the purchase of such subordinated debt instruments as lending would ensure consistent treatment between natural person credit unions and corporate credit unions. The proposed rule would not explicitly state that a corporate credit union may purchase a natural person credit union subordinate debt instrument because the Board believes corporate credit unions’ current lending authority is currently sufficiently broad to include purchasing subordinated debt instruments. The proposed rule, however, would require that a corporate credit union fully deduct the amount of the subordinated debt instrument from its tier 1 capital to ensure consistent treatment between investments in the capital of other corporate credit unions and natural person credit unions. Corporate credit unions are currently required to deduct from tier 1 capital any investments in perpetual contributed capital and nonperpetual capital accounts that are maintained at other corporate credit unions.30 The Board believes that investments in natural person credit union subordinated debt instruments should be treated similarly as such instruments may qualify as regulatory capital for the natural person credit union. The Board is also concerned about systemic risk if corporate credit unions own a significant amount of natural person credit union issued subordinated debt. Finally, a natural person credit union subordinated debt instrument would be in a first loss position, even before the NCUSIF and any private insurance fund or entity. Therefore, an involuntary liquidation of the issuing credit union would potentially mean large, and likely total, losses for the holders of those subordinated obligations. The Board believes that fully deducting such instruments from tier 1 capital will 30 See the definition of tier 1 capital in 12 CFR 704.2. PO 00000 Frm 00005 Fmt 4702 Sfmt 4702 ensure any potential losses do not affect the capital position of the investing corporate credit union. This measured approach strikes the right balance between providing corporate credit unions the flexibility to purchase natural person credit union subordinated debt instruments and avoiding undue systemic risk to the credit union system. E. Approved Corporate CUSO Activities. Part 704 does not list the permissible activities for corporate CUSOs in the regulatory text of part 704 of the Code of Federal Regulations, unlike part 712, which does so for NP CUSOs.31 Instead, § 704.11 requires that, generally, a corporate CUSO must agree that it will limit its services to brokerage services, investment advisory services, and other categories of services as preapproved by NCUA and published on NCUA’s website.32 A CUSO that desires to engage in an activity not preapproved by NCUA can apply to NCUA for that approval. To increase transparency and make it easier for corporate credit unions to determine if an activity has previously been determined by the Board to be permissible, the proposed rule would replace the permissible activities list from the NCUA website with a new appendix to part 704. The proposed rule would include a new Appendix D, which would reprint the current list of permissible activities and conditions for corporate CUSO activities. The Board is not proposing any amendments to the list at this time. In the future, the Board would make any additions or changes to the list by amending Appendix D through a rulemaking. F. Definition of Collateralized Debt Obligation. Corporate credit unions are prohibited from purchasing certain overly complex or leveraged investments, including collateralized debt obligations (commonly referred to as CDOs).33 Under the current rule, the term CDO means a debt security collateralized by mortgage-backed securities, other assetbacked securities, or corporate obligations in the form of nonmortgage loans or debt. The term does not include: (1) Senior tranches of Re– REMICs consisting of senior mortgageand asset-backed securities; (2) Any 31 12 CFR 712.5(b). 32 https://www.ncua.gov/regulation-supervision/ corporate-credit-unions/corporate-cuso-activities/ approved-corporate-cuso-activities. 33 The prohibition on purchasing CDOs was intended to protect corporate credit unions from the potential for excessive investment losses. 75 FR 64786, 64793 (Oct. 20, 2010). E:\FR\FM\27MRP1.SGM 27MRP1 Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules khammond on DSKJM1Z7X2PROD with PROPOSALS security that is fully guaranteed as to principal and interest by the U.S. Government or its agencies or its sponsored enterprises; or (3) Any security collateralized by other securities where all the underlying securities are fully guaranteed as to principal and interest by the U.S. Government or its agencies or its sponsored enterprises.34 The proposed rule would amend the definition of CDO to clarify that the definition includes both loans and debt securities. The proposed rule would change the defined term to ‘‘collateralized loan or debt obligation,’’ but would not otherwise amend the definition. The NCUA Board is aware that there has been confusion among industry participants concerning whether collateralized loans meet the definition and are therefore prohibited. The Board believes amending the name of the defined term clarifies the Board’s intent. G. Net Interest Income Modeling Under the current rule, a corporate credit union must perform net interest income (NII) modeling to project earnings in multiple interest rate environments for a period of no less than two years.35 NII modeling must, at minimum, be performed quarterly, including once on the last day of the calendar quarter. The proposed rule would make a change to the timeframe for NII. Under the proposed rule, a corporate credit union would not be required to perform NII modeling for two years and instead would only be required to perform modeling for one year. The Board is proposing to amend the requirements for NII given that corporate credit unions are also subject to weighted average life (WAL) limits, which limit asset maturities to less than two years.36 Under the current rule, a corporate credit union must test its financial assets at least quarterly, including once on the last day of the calendar quarter, for compliance with this limitation. If the WAL of a corporate credit union’s assets exceeds two years on the testing date, this test must be calculated at least monthly, including once on the last day of the month, until the WAL is below two years. The Board believes that NII modeling performed over a longer period than the WAL limits for asset maturities is less useful because the corporate credit union would also have to estimate what reinvestments would occur over the 34 12 CFR 704.2. CFR 704.8(e). 36 12 CFR 704.8(f). 35 12 VerDate Sep<11>2014 15:54 Mar 26, 2020 Jkt 250001 two-year period beyond simply estimating interest cash flows on assets. In addition, corporate credit unions already conduct net economic value analyses which capture a long-term view of interest rate risk. The Board believes that NII modeling over a oneyear period sufficiently captures a corporate credit union’s short-term interest rate risk. III. Request for Comment on the Proposed Rule The above proposed changes are consistent with the Board’s ongoing efforts to reduce regulatory burden while assuring that corporate credit unions operate in a safe and sound manner. The Board welcomes comment on all aspects of the proposal. The Board is particularly interested in comments on the proposed thresholds and definitions and is willing to consider alternatives. The Board is requesting comment specifically on the following questions. 1. Is the proposed definition of corporate CUSO appropriate? Does it capture the types of corporate credit union investments most likely to pose systemic risk to the credit union system? The Board is willing to consider amendments to the definition of corporate CUSO. 2. The proposed definition of a corporate CUSO states that if a corporate credit owns 25 percent or more of a CUSO’s contributed equity, stock, or membership interests, then the CUSO is a corporate CUSO. Please comment on whether 25 percent is an appropriate threshold for control. Should the Board consider a higher or lower threshold? The Board is willing to consider alternative thresholds for the definition of corporate CUSO. The Board notes that for some purposes the Federal Deposit Insurance Corporation defines control as low as 10 percent of an institution’s common stock. 3. How do corporate credit unions structure their investment in CUSOs? Is it generally through stock? Contributed equity? Membership interests? Are there any types of typical ownership interests excluded from the corporate CUSO definition? 4. The proposed rule would not require NP CUSOs to disclose compensation paid to any employees that are also employees of a corporate credit union lending to, or investing in, the CUSO. Are corporate credit unions able to comply with their annual compensation disclosure without receiving the information from NP CUSOs? 5. Instead of requiring a deduction from capital due to the investment in a PO 00000 Frm 00006 Fmt 4702 Sfmt 4702 17293 subordinated debt instrument, should the Board prohibit a corporate credit union from investing in such an instrument? Prohibiting an investment would limit a corporate credit union’s flexibility, but would further reduce the potential for systemic risk. Please discuss the definition of natural person credit union subordinated debt instrument. Does it appropriately capture the subordinated debt instruments issued by natural person credit unions that are most likely to pose systemic risk? The Board is open to alternative treatments for a corporate credit union’s investment in subordinated debt instruments. 6. Would a one-year window for NII modeling provide credit unions with a more accurate window to project earnings? Should the Board consider other timeframes to balance the accuracy of projections with the need for corporate credit unions to understand its interest rate risk? The Board is willing to consider alternative time periods for NII. VII. Regulatory Procedures Regulatory Flexibility Act The Regulatory Flexibility Act (RFA) generally requires that, in connection with a notice of proposed rulemaking, an agency prepare and make available for public comment an initial regulatory flexibility analysis that describes the impact of a proposed rule on small entities (defined for purposes of the RFA to include credit unions with assets less than $100 million).37 A regulatory flexibility analysis is not required, however, if the agency certifies that the rule will not have a significant economic impact on a substantial number of small entities and publishes its certification and a short, explanatory statement in the Federal Register together with the rule. This proposed rule would not have a significant economic impact on a substantial number of small entities. There are no corporate credit unions under $100 million in assets. Therefore, the Board certifies that the rule will not have a significant economic impact on a substantial number of small entities. Paperwork Reduction Act The Paperwork Reduction Act of 1995 (PRA) applies to information collection requirements in which an agency creates a new paperwork burden on regulated entities or modifies an existing burden. For purposes of the PRA, a paperwork burden may take the form of a reporting, recordkeeping, or 37 See E:\FR\FM\27MRP1.SGM 80 FR 57512 (Sept. 24, 2015). 27MRP1 17294 Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules third-party disclosure requirement, each referred to as an information collection. The NCUA may not conduct or sponsor, and the respondent is not required to respond to, an information collection unless it displays a currently valid Office of Management and Budget (OMB) control number. The proposed rule will amend 12 CFR part 704, in part, to address minimal investments by a corporate credit union in a CUSO without the CUSO being classified as a corporate CUSO. The information collection requirements associated with this provision are cleared under OMB control number 3133–0129 and there are no other new information collection requirements associated with this proposed rule. Executive Order 13132 Executive Order 13132 encourages independent regulatory agencies to consider the impact of their actions on state and local interests. In adherence to fundamental federalism principles, the NCUA, an independent regulatory agency as defined in 44 U.S.C. 3502(5), voluntarily complies with the principles of the executive order. This rulemaking will not have a substantial direct effect on the states, on the connection between the national government and the states, or on the distribution of power and responsibilities among the various levels of government. The NCUA has determined that this proposal does not constitute a policy that has federalism implications for purposes of the executive order. Assessment of Federal Regulations and Policies on Families The NCUA has determined that this proposed rule will not affect family well-being within the meaning of section 654 of the Treasury and General Government Appropriations Act, 1999, Public Law 105–277, 112 Stat. 2681 (1998). List of Subjects in 12 CFR Part 704 Credit unions, Corporate credit unions, Reporting and recordkeeping requirements. khammond on DSKJM1Z7X2PROD with PROPOSALS By the National Credit Union Administration Board on February 20, 2020. Gerard Poliquin, Secretary of the Board. For the reasons discussed above, the Board proposes to amend 12 CFR part 704, as follows: PART 704—CORPORATE CREDIT UNIONS 1. The authority citation for part 704 continues to read as follows: ■ VerDate Sep<11>2014 15:54 Mar 26, 2020 Jkt 250001 Authority: 12 U.S.C. 1766(a), 1781, and 1789. 2. In § 704.2: a. Revise the definition of Collateralized Debt Obligation, Consolidated Credit Union Service Organization and Tier 1 Capital; and ■ b. Add definitions for Corporate CUSO, Credit Union Service Organization (CUSO), and Natural Person Credit Union Subordinated Debt Instrument, in alphabetical order, to read as follows: ■ ■ § 704.2 Definitions. * * * * * Collateralized Debt and Loan Obligation (CDLO) means a debt security collateralized by mortgagebacked securities, other asset-backed securities, or corporate obligations in the form of nonmortgage loans or debt. For purposes of Part 704, the term CDLO does not include: (1) Senior tranches of Re–REMIC’s consisting of senior mortgage-and assetbacked securities; (2) Any security that is fully guaranteed as to principal and interest by the U.S. Government or its agencies or its sponsored enterprises; or (3) Any security collateralized by other securities where all the underlying securities are fully guaranteed as to principal and interest by the U.S. Government or its agencies or its sponsored enterprises. * * * * * Consolidated Credit Union Service Organization (Consolidated CUSO) means any CUSO the assets of which are consolidated with those of the corporate credit union for purposes of reporting under Generally Accepted Accounting Principles (GAAP). Generally, consolidated CUSOs are majority-owned CUSOs. * * * * * Corporate CUSO means a CUSO, as defined in part 712, that: (1) Is a consolidated CUSO; (2) A corporate credit union has the power, directly or indirectly, to direct the CUSO’s management or policies; (3) A corporate credit union owns 25 percent or more of the CUSO’s contributed equity, stock, or membership interests; or (4) The aggregate corporate credit union ownership meets or exceeds 50 percent of the CUSO’s contributed equity, stock, or membership interests. Credit union service organization (CUSO) means both a CUSO under part 712 and a corporate CUSO under part 704. * * * * * Natural Person Credit Union Subordinated Debt Instrument is any PO 00000 Frm 00007 Fmt 4702 Sfmt 4702 debt instrument issued by a natural person credit union that is subordinate to all other claims against the credit union, including the claims of creditors, shareholders, and either the National Credit Union Share Insurance Fund or the insurer of a privately insured credit union. * * * * * Tier 1 capital means the sum of items in paragraphs (1) and (2) of this definition from which items in paragraphs (3) through (7) are deducted: (1) Retained earnings; (2) Perpetual contributed capital; (3) Deduct the amount of the corporate credit union’s intangible assets that exceed one half percent of its moving daily average net assets (however, the NCUA may direct the corporate credit union to add back some of these assets on the NCUA’s own initiative, or the NCUA’s approval of petition from the applicable state regulator or application from the corporate credit union); (4) Deduct investments, both equity and debt, in unconsolidated CUSOs; (5) Deduct an amount equal to any PCC or NCA that the corporate credit union maintains at another corporate credit union; (6) Deduct any amount of PCC received from federally insured credit unions that causes PCC minus retained earnings, all divided by moving daily average net assets, to exceed two percent when a corporate credit union’s retained earnings ratio is less than two and a half percent; and (7) Deduct any natural person credit union subordinated debt instrument held by the corporate credit union. * * * * * ■ 3. Revise § 704.5(c)(3) to read as follows: § 704.5 Investments. * * * * * (c) * * * (1) * * * (2) * * * (3) CUSOs, subject to the limitations of § 704.11; * * * * * ■ 4. In § 704.6(c)(2)(vi), remove the word ‘‘corporate’’ before the word ‘‘CUSO.’’ ■ 5. In § 704.7, remove the word ‘‘corporate’’ before the word ‘‘CUSO’’ each place the word appears. ■ 6. In § 704.8(e) replace the phrase ‘‘no less than 2 years’’ with ‘‘no less than 1 year.’’ ■ 7. Revise § 704.11 to read as follows: § 704.11 Credit Union Service Organizations (CUSOs). (a) Investment and loan limitations. (1) The aggregate of all investments in E:\FR\FM\27MRP1.SGM 27MRP1 khammond on DSKJM1Z7X2PROD with PROPOSALS Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules member and non-member CUSOs that a corporate credit union may make must not exceed 15 percent of a corporate credit union’s total capital. (2) The aggregate of all investments in and loans to member and nonmember CUSOs a corporate credit union may make must not exceed 30 percent of a corporate credit union’s total capital. A corporate credit union may lend to member and nonmember CUSOs an additional 15 percent of total capital if the loan is collateralized by assets in which the corporate has a perfected security interest under state law. (3) If the limitations in paragraphs (a)(1) and (a)(2) of this section are reached or exceeded because of the profitability of the CUSO and the related GAAP valuation of the investment under the equity method without an additional cash outlay by the corporate, divestiture is not required. A corporate credit union may continue to invest up to the regulatory limit without regard to the increase in the GAAP valuation resulting from the CUSO’s profitability. (b) Due diligence. A corporate credit union must comply with the commercial loan policy and due diligence requirements of § 723.4 of this chapter for all loans to CUSOs. (c) Requirements for CUSOs that are not corporate CUSOs. Corporate credit union investments in and lending to CUSOs that are not corporate CUSOs are subject to part 712 of this chapter, except that investment and loan limitations and due diligence requirements are governed by this section. (d) Requirements for Corporate CUSOs. Corporate credit union authority to invest in or loan to a corporate CUSO is limited to that provided in this section. (1) Structure. A corporate CUSO must be structured as a corporation, limited liability company, or limited partnership under state law. (2) Separate entity. (i) A corporate CUSO must be operated as an entity separate from a corporate credit union. (ii) A corporate credit union investing in or lending to a corporate CUSO must obtain a written legal opinion that concludes the corporate CUSO is organized and operated in a manner that the corporate credit union will not reasonably be held liable for the obligations of the corporate CUSO. This opinion must address factors that have led courts to ‘‘pierce the corporate veil,’’ such as inadequate capitalization, lack of corporate identity, common boards of directors and employees, control of one entity over another, and lack of separate books and records. VerDate Sep<11>2014 15:54 Mar 26, 2020 Jkt 250001 (3) Permissible activities. (i) A corporate CUSO must agree to limit its activities to: (1) Brokerage services, (2) Investment advisory services, and (3) Other categories of activities as approved in writing by NCUA and as reflected in Appendix D. (ii) Once the NCUA has approved an activity and published that activity on its website, the NCUA will not remove that particular activity from the approved list, or make substantial changes to the content or description of that approved activity, except through the formal rulemaking process. (4) Compensation Restrictions. An official of a corporate credit union which has invested in or loaned to a corporate CUSO may not receive, either directly or indirectly, any salary, commission, investment income, or other income, compensation, or consideration from the corporate CUSO. This prohibition also extends to immediate family members of officials. (5) Written Agreement between the Corporate Credit Union and Corporate CUSO. Prior to making an investment in or loan to a corporate CUSO, a corporate credit union must obtain a written agreement that the corporate CUSO: (i) Will follow GAAP; (ii) Will provide financial statements to the corporate credit union at least quarterly; (iii) Will obtain an annual CPA opinion audit and provide a copy to the corporate credit union. A consolidated CUSO is not required to obtain a separate annual audit if it is included in the corporate credit union’s annual audit; (iv) Will provide the reports as required by § 712.3(d)(4) and (5) of this chapter; (v) Will not acquire control, directly or indirectly, of another depository financial institution or to invest in shares, stocks, or obligations of an insurance company, trade association, liquidity facility, or similar organization; (vi) Will allow the auditor, board of directors, and NCUA complete access to the CUSO’s personnel, facilities, equipment, books, records, and any other documentation that the auditor, directors, or NCUA deem pertinent; (vii) Will inform the corporate, at least quarterly, of all the compensation paid by the CUSO to its employees who are also employees of the corporate credit union; and (viii) Will comply with all the requirements of this section. (e) Subsidiary Restrictions. Any subsidiary of a corporate CUSO is automatically designated a corporate PO 00000 Frm 00008 Fmt 4702 Sfmt 4702 17295 CUSO and subject to all the requirements of this section. The requirements of this section apply to all tiers or levels of a corporate CUSO’s structure. ■ 8. Revise § 704.14(a)(2) to read as follows: § 704.14 Representation. * * * * * (a) * * * (1) * * * (2) Only an individual who currently holds a senior staff position (e.g., position of chief executive officer, chief financial officer, chief operating officer, chief information officer, chief risk officer, treasurer/manager, etc.) at a member credit union, and will hold that position at the time he or she is seated on the corporate credit union board if elected, may seek election or re-election to the corporate credit union board; * * * * * ■ 9. In § 704.19, remove the word ‘‘corporate’’ before the word ‘‘CUSO’’. ■ 10. In § 704.21, revise paragraph (c) and remove paragraphs (d) and (e) to read as follows: § 704.21 Enterprise risk management. * * * * * (a) * * * (b) * * * (c) The ERMC must include at least one risk management expert who can report directly to the board of directors. The risk management expert’s experience must be commensurate with the size of the corporate credit union and the complexity of its operations. ■ 11. Add Appendix D to read as follows: Appendix D: Approved Corporate CUSO Activities. Category—Clerical, Professional, & Management A corporate CUSO may engage in the following clerical, professional, and management activities: 1. Business Consulting Services: Offering consulting services in support of business development, strategic planning, industry analysis, and operational efficiency. 2. Human Resources Services: Services addressing human capital needs, reporting, and management considerations to include development of policies, procedures, and employee manuals. 3. Insurance Brokerage or Agency Referrals: Making third party insurance services or products available. This may include endorsing a product or service, negotiating group discounts and making referrals. E:\FR\FM\27MRP1.SGM 27MRP1 khammond on DSKJM1Z7X2PROD with PROPOSALS 17296 Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules 4. Marketing and Research Services: Systematically gathering, recording, and analyzing data about issues relating to marketing credit union products and services to identify and assess how changing elements of the marketing mix affect member behavior. Producing reports of research, making recommendations for marketing strategies, and other similar market and research services. 5. Payroll Services: Management of payroll processing, reporting, and tax filing; 6. Training Services: Furnishing prepackaged training products, developing new or customizing existing training products/modules, and facilitating education and training of credit union staff. 7. Audit & Compliance Consulting Services: Performing, as requested and agreed upon in predetermined scope arrangement, audits (internal, operational, financial, or compliance). Providing education and consultation services for developing statutory and regulatory compliance programs related to the Bank Secrecy Act, Anti Money Laundering provision, Office of Foreign Asset Control, and U.S. Patriot Act. 8. Product Development Services: Research and development of products and services specific to the needs of credit unions and their members/ consumers. A corporate credit union may engage in the following currency services: 1. Coin and Currency Services: Providing replenishment or deposit of excess coin and cash. This may include vault cash orders, ATM replenishments, and other similar services. Coin and currency services may be offered through agreement with another financial institution, direct with the Federal Reserve, through an armored car service agreement, or other similar arrangement. 2. A corporate credit union may only engage in coin and currency services if it meets the following conditions: a. Maintain bond/liability insurance as appropriate. b. Annually provide OCCU copy of bond/liability insurance. A corporate credit union may engage in the following data processing services: 1. Electronic Document Management: Providing document and record management systems which may allow for document archival, reporting, secure remote access, and similar services. 2. Core processing: Offering a backend system in a service bureau environment used to process and record daily transactions, and post updates to accounts and other financial records. VerDate Sep<11>2014 15:54 Mar 26, 2020 Jkt 250001 This typically includes deposit, loan and credit-processing capabilities, with interfaces to general ledger systems and reporting tools, and may allow for or integrate with front-end member access platforms, subject to the following conditions: a. Maintain business recovery plan ensuring uninterrupted operations. b. Maintain bond/liability insurance appropriate for activity. c. Adhere to AICPA audit standards for reporting on controls at a service organization. d. Annually provide OCCU copy of bond/liability insurance, business contingency plans & test results. A corporate credit union may engage in the following lending and deposit services: 1. Business Banking—Consulting and Turnkey Services: Provide either inhouse, or through turnkey operation, suite of financial products. Products may include loan products, risk monitoring, and consulting services for business loan, deposit, payment and cash management products, provided that the corporate CUSO comply with the Member Business Loan Regulation— Part 723 of the NCUA Rules and Regulations. 2. Business loan origination: Provide business loan consulting and origination services. Examples of business loan origination include commercial real estate, term loans, lines of credit, construction, agriculture, SBA loans, and loan participation servicing and brokering, provided that the corporate CUSO comply with the Member Business Loan Regulation—Part 723 of the NCUA Rules and Regulations. 3. Business Loan Support Services: Provide business loan processing and sales to include pre- and post closing underwriting, risk monitoring reports, document preparation, and servicing. Loan support services may also include debt collection services and sale of repossessed collateral. A corporate credit union may engage in the following payments and electronic transaction services: 1. Automated Clearing House (ACH): Providing services for the receipt, processing, distribution, and settlement of electronic credits and debits among financial institutions for final posting to business entities, credit unions and members/consumers. Activities include receipt of ACH files; file distribution; receipt and processing of returned items and notification of change files; offering and/or processing ACH origination files; assisting with ACH exceptions and transaction disputes; providing settlement of ACH files; and other PO 00000 Frm 00009 Fmt 4702 Sfmt 4702 similar ACH services, subject to the following conditions: a. Restrict CUSO ownership to one corporate unless approved by NCUA. b. Comply with NACHA rules. c. Maintain Business Continuity/ Disaster Recovery plan ensuring uninterrupted operations. d. Comply with the Security Program Requirements—Part 748 to safeguard consumer information. e. Maintain bond/liability insurance as appropriate. f. Adhere to AICPA audit standards for reporting on controls at a service organization. g. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results. h. Utilize distributed settlement model if providing services to other corporate credit unions. 2. Wire Transfer Services (Domestic and International): Electronically transferring funds through the Federal Reserve Bank, other financial institution, or other similar third-party funds transfer agent (i.e., Western Union, etc.) directly to a domestic or foreign financial institution or receiving transfer agent with final credit to business entities, credit unions, and member/consumers, subject to the following conditions: a. Restrict CUSO ownership to one corporate unless approved by NCUA. b. Maintain Business Continuity/ Disaster Recovery plan ensuring uninterrupted operations. c. Comply with the Security Program Requirements—Part 748 to safeguard consumer information. d. Comply with NCUA and FFIEC Guidance for Authentication in an Internet Banking Environment as applicable. e. Prefund transactions prior to processing. f. Maintain bond/liability insurance as appropriate. g. Adhere to AICPA audit standards for reporting on controls at a service organization. h. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results. 3. Forward Check Collection/Remote Deposit Capture Services: Offering a suite of image, electronic, and paper forward check processing, collection, clearing, settlement, adjustment, and reporting services. Deposit processing may occur as either ‘‘traditional’’ paper processing, electronic truncation, or image capture, processing, and E:\FR\FM\27MRP1.SGM 27MRP1 khammond on DSKJM1Z7X2PROD with PROPOSALS Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules transmission of check images from remote or centralized locations. Remote deposit capture services may include branch, teller, merchant, ATM, and consumer capture, and other similar forward check collection services. Activities may include resale of equipment through negotiated agreement, bundled services, and support agreements, subject to the following conditions: a. Restrict CUSO ownership to one corporate unless approved by NCUA. b. Comply with Federal Reserve Operating circulars and/or image clearing house operating agreements. c. Maintain Business Continuity/ Disaster Recovery plan ensuring uninterrupted operations. d. Comply with the Security Program Requirements—Part 748 to safeguard consumer information. e. Comply with NCUA and FFIEC Guidance for Authentication in an Internet Banking Environment as applicable. f. Maintain bond/liability insurance as appropriate. g. Adhere to AICPA audit standards for reporting on controls at a service organization. h. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results. i. Utilize distributed settlement model if providing services to other corporate credit unions. 4. Share Draft (Check) Processing: Offering inclearing services for the receipt and processing of share drafts (checks) either as electronic images or physical checks received from the Federal Reserve Bank, image exchange networks, or through direct presentment arrangements with other financial institutions. Services include receipt and processing of inclearing checks for file distribution, processing of return files, adjustments, dispute resolution assistance, financial settlement of files, and other similar services, subject to the following conditions: a. Restrict CUSO ownership to one corporate unless approved by NCUA. b. Comply with Federal Reserve Operating circulars and/or image clearing house operating agreements. c. Maintain Business Continuity/ Disaster Recovery plan ensuring uninterrupted operations. d. Comply with the Security Program Requirements—Part 748 to safeguard consumer information. e. Comply with NCUA and FFIEC Guidance for Authentication in an Internet Banking Environment as applicable. VerDate Sep<11>2014 15:54 Mar 26, 2020 Jkt 250001 f. Maintain bond/liability insurance as appropriate. g. Adhere to AICPA audit standards for reporting on controls at a service organization. h. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results. i. Utilize distributed settlement model if providing services to other corporate credit unions. 5. Share Draft, Check Imaging, and Archival Services: Providing services for capturing and storing images of physical share drafts or checks for the purpose of facilitating forward check collection, maintaining electronic archives, and facilitating electronic access to check images for consumers’ statements, integration with internet banking websites, and other similar purposes. Service may also include creating copies of archival history to facilitate ‘‘inhouse’’ storage or transfers to new thirdparty service providers, subject to the following conditions: a. Restrict CUSO ownership to one corporate unless approved by NCUA. b. Comply with Federal Reserve Operating circulars and/or image clearing house operating agreements. c. Maintain Business Continuity/ Disaster Recovery plan ensuring uninterrupted operations. d. Comply with the Security Program Requirements—Part 748 to safeguard consumer information. e. Comply with NCUA and FFIEC Guidance for Authentication in an internet Banking Environment as applicable. f. Maintain bond/liability insurance as appropriate. g. Adhere to AICPA audit standards for reporting on controls at a service organization. h. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results. 6. Share Draft Fraud and Risk Management Services: Offering complementary services for share draft processing designed to identify and prevent checking account fraud and losses during the share draft clearing process, subject to the following conditions: a. Maintain Business Continuity/ Disaster Recovery plan ensuring uninterrupted operations. b. Comply with the Security Program Requirements—Part 748 to safeguard consumer information. c. Maintain bond/liability insurance as appropriate. PO 00000 Frm 00010 Fmt 4702 Sfmt 4702 17297 d. Adhere to AICPA audit standards for reporting on controls at a service organization. e. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results. 7. Official Check Services: Offering business share drafts (checks), official checks, and money order programs to include processing, clearing, and settlement of items, maintaining list of issued drafts, and providing daily reports for reconciliation, subject to the following conditions: a. Maintain Business Continuity/ Disaster Recovery plan ensuring uninterrupted operations. b. Comply with the Security Program Requirements—Part 748 to safeguard consumer information. c. Maintain bond/liability insurance as appropriate. d. Adhere to AICPA audit standards for reporting on controls at a service organization. e. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results. 8. Lockbox & Remittance Services: Providing wholesale or small batch retail remittance processing services. Service includes receiving and processing payments, providing reports or files of activity, depositing of funds, and forward collection of items, subject to the following conditions: a. Maintain Business Continuity/ Disaster Recovery plan ensuring uninterrupted operations. b. Comply with the Security Program Requirements—Part 748 to safeguard consumer information. c. Maintain bond/liability insurance as appropriate. d. Adhere to AICPA audit standards for reporting on controls at a service organization. e. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results. 9. Online & Mobile Banking: Offering internet-based technological services which may provide real-time, 24/7 access to consumers’ financial information. This includes the ability to manage a variety of transactional and non-transactional activities within and between accounts which may include electronic transfers, payments, on-line loan applications, and other similar banking activities. Access to accounts may be through internet web applications and/or portable electronic E:\FR\FM\27MRP1.SGM 27MRP1 khammond on DSKJM1Z7X2PROD with PROPOSALS 17298 Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules devices, subject to the following conditions: a. Maintain Business Continuity/ Disaster Recovery plan ensuring uninterrupted operations. b. Comply with the Security Program Requirements—Part 748 to safeguard consumer information. c. Comply with NCUA and FFIEC Guidance for Authentication in an internet Banking Environment as applicable. d. Maintain bond/liability insurance as appropriate. e. Adhere to AICPA audit standards for reporting on controls at a service organization. f. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results. 10. Bill Pay and Electronic Bill Presentment and Payment (EBPP) Services: Offering services to allow consumers to send money to a creditor or vendor to be credited against a specific account. Bill payments may be executed electronically, via paper check or banker’s draft, or other similar electronic payment means. Services may also include electronically presenting bills and/or billing statements, subject to the following conditions: a. Maintain Business Continuity/ Disaster Recovery plan ensuring uninterrupted operations. b. Comply with the Security Program Requirements—Part 748 to safeguard consumer information. c. Comply with NCUA and FFIEC Guidance for Authentication in an internet Banking Environment as applicable. d. Maintain bond/liability insurance as appropriate. e. Adhere to AICPA audit standards for reporting on controls at a service organization. f. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results. 11. Electronic Statements/Paper Statements: Providing electronic and paper delivery of periodic account statements, subject to the following conditions: a. Comply with the Security Program Requirements—Part 748 to safeguard consumer information. b. Comply with NCUA and FFIEC Guidance for Authentication in an internet Banking Environment as applicable. c. Maintain bond/liability insurance as appropriate. VerDate Sep<11>2014 15:54 Mar 26, 2020 Jkt 250001 d. Annually provide OCCU copy of bond/liability insurance, business continuity plans and test results. 12. Credit Card, Debit Card, and Gift or Prepaid Card Program Services: Offering debit, credit, and gift or prepaid card programs and processing to include: access to card networks and gateways, authorization and settlement of signature debit transactions, including settlement of related funds; fraud monitoring, risk management, and case support services to include neural networks and charge-back processing services; back office card support and management, reconciliation of daily settlement and adjustment processing; card maintenance, issuance, and transaction reports; card program project management and implementation; and other similar services. Gift or prepaid cards may be reloadable or non-reloadable, subject to the following conditions: a. Maintain Business Continuity/ Disaster Recovery plan ensuring uninterrupted operations. b. Maintain bond/liability insurance as appropriate. c. Maintain and certify compliance with current PCI/DSS (Payment Card Industry/Data Security Standards). d. Maintain neural network or other industry standard fraud detection system. e. Comply with network processing agreements and standards. f. Adhere to AICPA audit standards for reporting on controls at a service organization. g. Annually provide OCCU copy of bond/liability insurance, business continuity plans and test results, report on controls at a service organization, and PCI/DSS compliance certification. 13. Automated Teller Machine (ATM), Electronic Funds Transfer (EFT), and Point of Sale (POS) Services and Networks: Offering programs that allow access to a network of EFT terminals and ATMs to initiate PIN-based debit or ATM card transactions. ATM services include utilizing a shared ATM network, setting up a private ATM network, monitoring of ATM connectivity and availability, including the management of telecom circuits and modems, assisting with the implementation of new ATMs, ensuring data security and integrity, providing network access, authorization of PIN transactions completed at ATMs, including settlement of related funds. Other services include fraud monitoring of PIN transactions, adjustment and dispute resolution processing to include card blocking, chargeback processing, related research and other similar PO 00000 Frm 00011 Fmt 4702 Sfmt 4702 services, subject to the following conditions: a. Maintain Business Continuity/ Disaster Recovery plan ensuring uninterrupted operations. b. Maintain bond/liability insurance as appropriate. c. Maintain and certify compliance with current PCI/DSS. d. Maintain neural network or other industry standard fraud detection system. e. Comply with network processing agreements and standards. f. Adhere to AICPA audit standards for reporting on controls at a service organization. g. Annually provide OCCU copy of bond/liability insurance, business continuity plans and test results, report on controls at a service organization, and PCI/DSS compliance certification. 14. Shared Branching Services: Providing for the sharing of infrastructure to establish a private, secure, cooperative processing network that accepts transactions from members of participating credit unions. Shared branching functionality includes conducting deposits, account balance inquiries, and check cashing, and requesting funds transfers, official checks, or other similar services, subject to the following conditions: a. Maintain Business Continuity/ Disaster Recovery plan ensuring uninterrupted operations. b. Comply with the Security Program Requirements—Part 748 to safeguard consumer information. c. Comply with NCUA and FFIEC Guidance for Authentication in an internet Banking Environment as applicable. d. Maintain and certify compliance with current PCI/DSS network standards or other similar shared network security standard, if applicable. e. Maintain bond/liability insurance as appropriate. f. Adhere to AICPA audit standards for reporting on controls at a service organization. g. Annually provide OCCU copy of bond/liability insurance, business continuity plans and test results, report on controls at a service organization, and PCI/DSS compliance certification, if applicable. A corporate credit union may engage in the following information technology services: 1. Web Development, Hosting, & Content Management: Developing and designing non-transaction public websites, private or internal websites, and web applications. Website hosting to include maintaining the servers and html code for public and private E:\FR\FM\27MRP1.SGM 27MRP1 khammond on DSKJM1Z7X2PROD with PROPOSALS Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules websites, intranets, and Web applications used on customer websites. Offering web content management (WCM) systems to simplify the publication of web content and updates to websites and mobile devices, subject to the following conditions: a. Maintain business recovery plan ensuring uninterrupted operations. b. Maintain bond/liability insurance appropriate for activity. c. Adhere to AICPA audit standards for reporting on controls at a service organization. d. Annually provide OCCU copy of bond/liability insurance, business contingency plans & test results. 2. Web Authentication & Security Monitoring: Web security and monitoring services such as authentication and encryption of passwords and other similar techniques for secure member login to intranets, extranets, and private websites; host based intrusion protection and detection; log monitoring; hacker-safe monitoring programs; and configuration and daily administration web security and other similar monitoring services, subject to the following conditions: a. Comply with the Security Program Requirements—Part 748 of the NCUA Rules and Regulations. b. Comply with NCUA and FFIEC Guidance for Authentication in an internet Banking Environment as applicable. c. Maintain bond/liability insurance appropriate for activity. d. Adhere to AICPA audit standards for reporting on controls at a service organization. e. Annually provide OCCU copy of bond/liability insurance, business contingency plans & test results. 3. Software Systems Development/ Application Programming Interface (API) Development: Designing, coding, testing and updating custom software system data programs and other code (e.g., scripts). Application Programming Interface (API) development includes developing, testing, and updating custom applications which interface with other existing systems and applications such as core processing systems, subject to the following conditions: a. Comply with the Security Program Requirements—Part 748 of the NCUA Rules and Regulations. b. Conduct independent code review for custom software systems and applications. c. Adhere to audit standards for thirdparty service providers. d. Maintain source code for custom developed software systems in escrow or in similar arrangement. VerDate Sep<11>2014 15:54 Mar 26, 2020 Jkt 250001 4. Secure Collaboration Services: Programs, systems, or sites for establishing secure communication channels for private document storage and distribution, and dissemination of confidential or sensitive information for the purpose of collaboration between authorized parties, provided that the corporate CUSO complies with the Security Program Requirements—Part 748 of the NCUA Rules and Regulations. 5. Information Technology (IT) Consulting and Management Services: Consulting and management services for IT infrastructure design and architecture, system security, administration, support, resource management and monitoring. Services include offering Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and planning and management, and the provisioning of hardware and software for business continuity planning to include online data backup and recovery services, subject to the following conditions: a. Comply with the Security Program Requirements—Part 748 and Records Preservation Program and Records Retention Appendix—Part 749 of the NCUA Rules and Regulations. b. Maintain bond/liability insurance appropriate for activity. c. Annually provide OCCU copy of bond/liability insurance, vendor due diligence reports, security program, business contingency plans & test results. A corporate credit union may engage in the following investment/ALM services: 1. Asset Liability Management (ALM) Consulting, Advisory, and Reporting Services: Consulting, advisory, and reporting services for balance sheet and interest rate risk management. This includes ALM interest rate risk modeling, measurement, and reporting; ALM model validation services; consulting services for ALM policy development, core deposit studies, lending pool analysis and valuations, and other similar services. [FR Doc. 2020–03837 Filed 3–26–20; 8:45 am] BILLING CODE 7535–01–P PO 00000 Frm 00012 Fmt 4702 Sfmt 4702 17299 BUREAU OF CONSUMER FINANCIAL PROTECTION 12 CFR Part 1006 [Docket No. CFPB–2020–0010] RIN 3170–AA41 Debt Collection Practices (Regulation F); Extension of Comment Period Bureau of Consumer Financial Protection. ACTION: Supplemental notice of proposed rulemaking; extension of comment period. AGENCY: On March 3, 2020, the Bureau of Consumer Financial Protection (Bureau) published in the Federal Register a Supplemental Notice of Proposed Rulemaking (SNPRM) requesting comment on the Bureau’s proposal to amend Regulation F, which implements the Fair Debt Collection Practices Act (FDCPA), to require debt collectors to make certain disclosures when collecting time-barred debts. The SNPRM provided a 60-day comment period that was set to close on May 4, 2020. To allow interested persons more time to consider and submit their comments, the Bureau has determined that an extension of the comment period until June 5, 2020, is appropriate. DATES: The comment period for the debt collection SNPRM published March 3, 2020, at 85 FR 12672, is extended. Responses to the SNPRM must now be received on or before June 5, 2020. ADDRESSES: You may submit comments, identified by Docket No. CFPB–2020– 0010 or RIN 3170–AA41, by any of the following methods: • Federal eRulemaking Portal: http:// www.regulations.gov. Follow the instructions for submitting comments. • Email: 2020-NPRM-DebtCollection@ cfpb.gov. Include Docket No. CFPB– 2020–0010 or RIN 3170–AA41 in the subject line of the email. • Mail/Hand Delivery/Courier: Comment Intake, Bureau of Consumer Financial Protection, 1700 G Street NW, Washington, DC 20552. Instructions: The Bureau encourages the early submission of comments. All submissions should include the agency name and docket number or Regulatory Information Number (RIN) for this rulemaking. Because paper mail in the Washington, DC area and at the Bureau is subject to delay, commenters are encouraged to submit comments electronically. In general, all comments received will be posted without change to http://www.regulations.gov. In addition, comments will be available for public inspection and copying at 1700 SUMMARY: E:\FR\FM\27MRP1.SGM 27MRP1

Agencies

[Federal Register Volume 85, Number 60 (Friday, March 27, 2020)]
[Proposed Rules]
[Pages 17288-17299]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-03837]


========================================================================
Proposed Rules
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains notices to the public of 
the proposed issuance of rules and regulations. The purpose of these 
notices is to give interested persons an opportunity to participate in 
the rule making prior to the adoption of the final rules.

========================================================================


Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / 
Proposed Rules

[[Page 17288]]



NATIONAL CREDIT UNION ADMINISTRATION

12 CFR Part 704

RIN 3133-AF13


Corporate Credit Unions

AGENCY: National Credit Union Administration (NCUA).

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The NCUA Board (Board) is seeking comment on a proposed rule 
that would amend the NCUA's corporate credit union regulation. The 
proposed rule would update, clarify, and simplify several provisions of 
the NCUA's corporate credit union regulation, including: Permitting a 
corporate credit union to make a minimal investment in a credit union 
service organization (CUSO) without the CUSO being classified as a 
corporate CUSO under the NCUA's rules; expanding the categories of 
senior staff positions at member credit unions eligible to serve on a 
corporate credit union's board; amending the minimum experience and 
independence requirement for a corporate credit union's enterprise risk 
management expert; and requiring a corporate credit union to deduct 
certain investments in subordinated debt instruments issued by natural 
person credit unions.

DATES: Comments must be received by May 26, 2020.

ADDRESSES: You may submit written comments, identified by RIN 3133-
AF13, by any of the following methods (Please send comments by one 
method only):
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: (703) 518-6319. Include ``[Your Name]--Comments on 
Proposed Rule: Corporate Credit Unions'' in the transmittal.
     Mail: Address to Gerard Poliquin, Secretary of the Board, 
National Credit Union Administration, 1775 Duke Street, Alexandria, 
Virginia 22314-3428.
     Hand Delivery/Courier: Same as mail address.
    Public Inspection: You may view all public comments on the Federal 
eRulemaking Portal at http://www.regulations.gov as submitted, except 
for those we cannot post for technical reasons. The NCUA will not edit 
or remove any identifying or contact information from the public 
comments submitted. You may inspect paper copies of comments in the 
NCUA's law library at 1775 Duke Street, Alexandria, Virginia 22314, by 
appointment weekdays between 9:00 a.m. and 3:00 p.m. To make an 
appointment, call (703) 518-6546, or send an email to [email protected].

FOR FURTHER INFORMATION CONTACT: Policy and Analysis: Robert Dean, 
National Supervision Analyst, Office of National Examinations and 
Supervision, (703) 518-6652; Legal: Rachel Ackmann, Senior Staff 
Attorney, Office of General Counsel, (703) 548-2601; or by mail at 
National Credit Union Administration, 1775 Duke Street, Alexandria, VA 
22314.

SUPPLEMENTARY INFORMATION: 

I. Introduction

a. Legal Authority and Background

    The Board is issuing this rule pursuant to its authority under the 
Federal Credit Union Act (FCU Act).\1\ Under the FCU Act, the NCUA is 
the chartering and supervisory authority for Federal credit unions 
(FCUs) and the federal supervisory authority for federally insured 
credit unions (FICUs). The FCU Act grants the NCUA a broad mandate to 
issue regulations governing both FCUs and FICUs. Section 120 of the FCU 
Act is a general grant of regulatory authority and authorizes the Board 
to prescribe regulations for the administration of the FCU Act.\2\ 
Section 209 of the FCU Act is a plenary grant of regulatory authority 
to the NCUA to issue regulations necessary or appropriate to carry out 
its role as share insurer for all FICUs.\3\ The FCU Act also includes 
an express grant of authority for the Board to subject federally 
chartered central, or corporate, credit unions to such rules, 
regulations, and orders as the Board deems appropriate.\4\
---------------------------------------------------------------------------

    \1\ 12 U.S.C. 1751 et seq.
    \2\ 12 U.S.C. 1766(a).
    \3\ 12 U.S.C. 1789.
    \4\ 12 U.S.C. 1766(a).
---------------------------------------------------------------------------

    Part 704 of the NCUA's regulations implements the requirements of 
the FCU Act regarding corporate credit unions.\5\ In 2010, the Board 
comprehensively revised the regulations governing corporate credit 
unions to provide longer-term structural enhancements to the corporate 
system in response to the financial crisis of 2007-2009.\6\ The 
provisions of the 2010 rule successfully stabilized the corporate 
system and improved corporate credit unions' ability to function and 
provide services to natural person credit unions. Since 2010, and as 
part of the Board's continuous reevaluation of its regulation of 
corporate credit unions, the Board has amended part 704 on several 
occasions.\7\ Part 704 was last amended in 2017, when the Board amended 
corporate credit union capital standards to change the calculation of 
capital after a consolidation and to set a retained earnings ratio 
target in meeting prompt corrective action (commonly referred to as 
PCA) standards.\8\
---------------------------------------------------------------------------

    \5\ 12 CFR part 704.
    \6\ 75 FR 64786 (Oct. 20, 2010).
    \7\ See e.g., 80 FR 25932 (May 6, 2015), 80 FR 57283 (Sept. 23, 
2015), and 82 FR 55497 (Nov. 22, 2017).
    \8\ 82 FR 55497 (Nov. 22, 2017).
---------------------------------------------------------------------------

b. Regulatory Review

    The NCUA reviews all of its existing regulations every three years. 
The NCUA's Office of General Counsel maintains a rolling review 
schedule that identifies one-third of its existing regulations for 
review each year and provides notice to the public of those regulations 
under review so the public may have an opportunity to comment. Part 704 
was part of the Office of General Counsel's 2019 annual regulatory 
review.\9\ The Board received several comments on updating part 704 as 
part of the 2019 annual regulatory review.
---------------------------------------------------------------------------

    \9\ See, https://www.ncua.gov/regulation-supervision/rules-regulations/regulatory-review.
---------------------------------------------------------------------------

II. Proposed Rule

    The Board proposes to update, clarify, and simplify several 
provisions of part 704. Specifically, the proposed rule would: (1) 
Permit a corporate credit union to make a minimal investment in a CUSO 
without the CUSO being

[[Page 17289]]

classified as a corporate CUSO and subject to heightened NCUA 
oversight; (2) expand the categories of senior staff positions at 
member credit unions eligible to serve on a corporate credit union's 
board; (3) remove the experience and independence requirement for a 
corporate credit union's enterprise risk management expert; (4) clarify 
the treatment of an investment in a subordinated debt instrument of a 
natural person credit union; (5) codify the current list of permissible 
activities for a corporate CUSO; (6) clarify the definition of a 
collateralized debt obligation; and (7) simplify the requirement for 
net interest income modeling. Each proposed change is discussed in 
detail below.

A. Minimal Investment in Natural Person CUSOs

    Part 704 includes specific regulations for a corporate credit 
union's investment and lending activity and permits a corporate credit 
union to invest in and lend to a corporate CUSO. A corporate CUSO is 
defined as an entity that is at least partly owned by a corporate 
credit union; primarily serves credit unions; restricts its services to 
those related to the normal course of business of credit unions; \10\ 
and is structured as a corporation, limited liability company, or 
limited partnership under state law.\11\
---------------------------------------------------------------------------

    \10\ See, 12 CFR 704.11(e).
    \11\ 12 CFR 704.11(a).
---------------------------------------------------------------------------

    Similar to natural person credit union service organizations (NP 
CUSOs), the Board cannot regulate corporate CUSOs directly, but it can, 
for safety and soundness reasons, regulate the types of investments 
that corporate credit unions make and whether a corporate credit union 
may invest in a CUSO. Part 704 includes several prudential requirements 
to ensure corporate credit union investment in and lending to corporate 
CUSOs is safe and sound. For example, part 704 regulates aggregate 
corporate credit union investment in and lending to corporate CUSOs. 
Part 704 also includes customer base requirements, permissible 
activities, accounting and audit standards, and requires NCUA access to 
corporate CUSO facilities, books, and records. In general, many of the 
prudential standards for corporate CUSOs are more restrictive than the 
standards for NP CUSOs.\12\ The Board has historically imposed more 
restrictive standards for corporate CUSOs as they may serve hundreds or 
even thousands of natural person credit unions and pose unique systemic 
risk.\13\ Additionally, core functions of corporate credit unions that 
pose systemic risk could be moved to corporate CUSOs. The Board has 
expressed concern that the movement of these core functions to entities 
that are not directly regulated by the NCUA could increase the systemic 
risk associated with corporate CUSOs, and the Board wants to ensure it 
has a degree of oversight and control of these activities.\14\
---------------------------------------------------------------------------

    \12\ For example, the permissible activities for a corporate 
CUSO are more limited than the permissible activities for a NP CUSO. 
A corporate CUSO may seek Board permission to engage in additional 
activities, but the process can be burdensome. In addition, 
corporate CUSOs are also subject to more rigorous NCUA oversight. A 
corporate CUSO must agree to give the NCUA complete access to its 
personnel, facilities, equipment, books, records, and other 
documentation that the NCUA deems pertinent. In contrast, NP CUSOs 
must provide the NCUA with complete access to its books and records 
and the ability to review its internal controls, as deemed necessary 
by the NCUA. Finally, corporate CUSOs must provide quarterly 
financial statements to the corporate credit union. In contrast, NP 
CUSOs must prepare quarterly financial statements, but do not have 
to provide the statements to FCUs.
    \13\ 74 FR 65210 (Dec. 9, 2009).
    \14\ Id.
---------------------------------------------------------------------------

    As stated above, a corporate CUSO is defined as an entity that is 
at least partly owned by a corporate credit union; primarily serves 
credit unions; restricts its services to those related to the normal 
course of business of credit unions; and is structured as a 
corporation, limited liability company, or limited partnership under 
state law.\15\ The definition is broad and includes no exception for de 
minimus, non-controlling equity investments. Accordingly, any corporate 
credit union equity interest in a CUSO, regardless of how small a share 
of the CUSO the corporate credit union owns, is sufficient to designate 
the CUSO as a corporate CUSO and subject it to additional requirements 
under part 704.
---------------------------------------------------------------------------

    \15\ 12 CFR 704.11(a).
---------------------------------------------------------------------------

    The proposed rule would amend the definition of corporate CUSO so 
that a corporate credit union could make a de minimus, non-controlling 
investment in a NP CUSO without the CUSO being deemed a corporate CUSO. 
The Board has reconsidered its position that any corporate credit union 
investment in a CUSO must be subject to enhanced standards under part 
704. The Board believes that a corporate credit union's non-controlling 
investment would not pose the same systemic risks to the credit union 
system as a controlling investment. It is unlikely that a corporate 
credit union would move its essential functions into a non-controlled 
CUSO.
    The Board has also considered the benefits of permitting corporate 
credit unions to make de minimus, non-controlling investments in NP 
CUSOs. Compared to corporate CUSOs, NP CUSOs are permitted to engage in 
a broader range of permissible activities and services. Consequently, 
NP CUSOs are often a source of collaboration and innovation among FICUs 
that may result in the origination of new products and services. To 
compete effectively in today's technology-based financial service 
market, FICUs may need to rely increasingly on pooling their resources 
to fund CUSOs and to build the necessary infrastructure. The costs for 
research and development, acquisition, implementation, and specialized 
staff capable of managing these new technologies may be prohibitive for 
all but a very few of the largest FICUs. CUSOs may provide the means 
for FICUs to collectively address these challenges and may enable FICUs 
to collaboratively develop technologies that better serve their 
members.
    Without the opportunity to invest in NP CUSOs, a corporate credit 
union may be restricted in its ability to participate in this process. 
The Board believes that by expanding corporate credit union investment 
authorities, while still maintaining necessary safeguards, corporate 
credit unions will be in a better position to participate in the 
development of new products and services. NP CUSOs would also benefit 
from a larger pool of potential investors, which may enable further 
research and development during this period of rapid technological 
growth.
    In addition to amending the definition of corporate CUSO to permit 
de minimus, non-controlling investments in NP CUSOs, the proposed rule 
would also make several conforming amendments to part 704. The specific 
details of the proposed amendments are discussed below.
Sec.  704.2 Definitions
    Consolidated credit union service organization. Generally, 
consolidated CUSOs are those majority-owned by a corporate credit 
union. The proposed rule would amend the definition of consolidated 
CUSO to use the newly defined term ``CUSO'' for clarity. Under the 
proposed rule, a consolidated CUSO would mean any CUSO the assets of 
which are consolidated with those of the corporate credit union for 
purposes of reporting under Generally Accepted Accounting Principles 
(GAAP).
    Corporate CUSO. As discussed above, the proposed rule would amend 
the definition of a corporate CUSO. Under the proposed rule, a CUSO 
would be designated as a corporate CUSO only if one or more corporate 
credit unions

[[Page 17290]]

have a controlling interest. A corporate credit union would be 
considered to have a controlling interest if: (1) The CUSO is 
consolidated on a corporate credit union's balance sheet; (2) a 
corporate credit union has the power, directly or indirectly, to direct 
the CUSO's management or policies; or (3) a corporate credit union owns 
25 percent or more of the CUSO's contributed equity, stock, or 
membership interests.\16\ A CUSO would also be designated as a 
corporate CUSO if the aggregate corporate credit union ownership of all 
corporates investing in the CUSO meets or exceeds 50 percent of the 
CUSO's contributed equity, stock, or membership interests. The Board is 
concerned that if several corporate credit unions have a majority 
ownership interest in a CUSO, the CUSO could present the same risk to 
the credit union system as a CUSO that is controlled by one corporate 
credit union. If any of these four conditions are met, then the CUSO 
would meet the definition of a corporate CUSO and be subject to 
additional requirements under part 704. The definition of corporate 
CUSO would also be moved to Sec.  704.2 for consistency with the 
location of other definitions in part 704.
---------------------------------------------------------------------------

    \16\ The proposed definition is related to the definition of 
control in the Federal Deposit Insurance Act for notices filed under 
the Change in Bank Control Act. 12 U.S.C. 1817(j).
---------------------------------------------------------------------------

    Credit Union Service Organization (CUSO). The proposed rule would 
define the term CUSO for purposes of part 704. Under the proposed rule, 
a CUSO would mean both a NP CUSO under part 712 and a corporate CUSO 
under part 704.11. The proposed definition makes it clear that the term 
CUSO applies to both NP CUSOs and corporate CUSOs unless otherwise 
stated. For example, when calculating tier 1 capital under part 704, a 
corporate credit union must deduct, in part, investments in any 
``unconsolidated CUSO.'' By using the term ``CUSO,'' instead of the 
defined terms ``corporate CUSO'' and ``consolidated CUSO,'' the 
proposed rule should be clear that a corporate credit union must deduct 
unconsolidated investments in both a NP CUSO and a corporate CUSO.
Sec. Sec.  704.5 Investments, 704.6 Credit Risk Management, and 704.7 
Lending
    The proposed rule would remove references to corporate CUSOs and 
instead refer to the general term CUSO because those provisions would 
continue to apply to a corporate credit union investing in and lending 
to both NP CUSOs and corporate CUSOs, as explained in detail below in 
the discussion of the proposed changes to Sec.  704.11.
Sec.  704.11 Credit Union Service Organizations (CUSOs)
    Under the proposed rule, Sec.  704.11 would be reorganized for 
clarity, however, the substantive requirements for corporate CUSOs 
would not be amended. The intent of the reorganization is to be clear 
that certain requirements apply to a corporate credit union's 
investment in or lending to both NP CUSOs and corporate CUSOs, certain 
requirements apply only to NP CUSOs, and other requirements apply only 
to corporate CUSOs.
    The proposed rule sets forth the requirements for all corporate 
credit union investments in or lending to CUSOs. The proposed rule, in 
Sec.  704.11(a), states that the aggregate investment and lending 
limits apply regardless of whether a corporate credit union's 
investment or loan is to a NP CUSO or a corporate CUSO. The proposed 
rule does not amend the current aggregate limitations on investments 
and lending.\17\ A corporate credit union that has already invested in 
or loaned the maximum permitted under the current rule would not be 
authorized to invest or lend any additional money. Instead, such a 
corporate credit union would have to reallocate its investments or 
loans if it seeks to make any new investments that are prohibited.
---------------------------------------------------------------------------

    \17\ 12 CFR 704.11(b). In general, the aggregate of all 
investments in corporate CUSOs that a corporate credit union may 
make must not exceed 15 percent of a corporate credit union's total 
capital. The aggregate of all investments in and loans to corporate 
CUSOs that a corporate credit union may make must not exceed 30 
percent of a corporate credit union's total capital. A corporate 
credit union may lend to corporate CUSOs an additional 15 percent of 
total capital if the loan is collateralized by assets in which the 
corporate has a perfected security interest under state law.
---------------------------------------------------------------------------

    In Sec.  704.11(b), the proposed rule states that all corporate 
credit union loans to CUSOs are subject to due diligence 
requirements.\18\ The proposed rule, as does the current rule, would 
require corporate credit unions to comply with certain due diligence 
requirements from the NCUA's member business loans rule before making a 
loan to a CUSO. Under the proposed rule, corporate credit unions would 
be subject to the commercial loan policy and due diligence requirements 
in the NCUA's member business loans rule \19\ for lending to both NP 
CUSOs and corporate CUSOs. The board-approved policy must ensure 
corporate credit union lending activities are performed in a safe and 
sound manner by providing for ongoing control, measurement, and 
management of CUSO lending. The policy should also include 
qualifications and experience requirements for personnel involved in 
underwriting, processing, approving, administering, and collecting 
loans to CUSOs. The corporate credit union must also have a loan 
approval process, underwriting standards and risk management processes 
commensurate with the size, scope and complexity of its CUSO lending. 
The Board believes these due diligence requirements are the minimum 
requirements necessary to ensure that corporate credit unions are 
engaging in safe and sound lending practices. The requirements should 
not place a new burden on corporate credit unions because any corporate 
credit union that is currently making a loan to a corporate CUSO should 
be following these basic safety and soundness principles.
---------------------------------------------------------------------------

    \18\ 12 CFR 704.11(c). The current rule includes a cross-
reference to due diligence requirements in the member business loan 
rule. The member business loan rule, however, was updated in 2015 
and the cross-referenced requirements have been removed. 
Accordingly, the proposed rule would update the cross references to 
reflect the revised member business loan rule.
    \19\ 12 CFR 723.4.
---------------------------------------------------------------------------

    In Sec.  704.11(c), the proposed rule would set forth the 
regulations governing corporate credit union investment in and lending 
to NP CUSOs. The proposed rule would state that corporate credit union 
investment in and lending to NP CUSOs are generally subject to part 712 
of this chapter. The intent of this section is to be clear that a CUSO 
is either governed under part 704 as a corporate CUSO, as discussed 
below, or subject to part 712 as a NP CUSO. A corporate credit union 
investment in a CUSO of a state-chartered natural person credit union 
would also be subject to the requirements in part 712.
    In Sec.  704.11(d), the proposed rule, like the current rule, would 
include safety and soundness requirements for corporate credit union 
investments in and loans to corporate CUSOs. In general, the proposed 
rule does not make any substantive changes to the existing prudential 
requirements. The requirements have been reorganized for clarity and as 
part of the general restructuring of Sec.  704.11, but are not 
otherwise substantively amended.\20\
---------------------------------------------------------------------------

    \20\ The proposed rule would include a few non-substantive 
language changes that are only intended to streamline the provision 
and enhance clarity.
---------------------------------------------------------------------------

    Finally, in Sec.  704.11(e), the proposed rule would include one 
new prudential requirement for corporate credit union investments in 
and loans to corporate CUSOs. The proposed rule states that

[[Page 17291]]

any subsidiary of a corporate CUSO would be automatically designated a 
corporate CUSO. The proposed rule also would provide that all tiers or 
levels of a corporate CUSO's structure are subject to the requirements 
for corporate CUSOs. The Board believes this level of oversight is 
necessary for all tiers of a corporate CUSO because corporate CUSOs 
affect not only the health of the investing corporate credit union, but 
also the health of the credit union system as a whole. Many corporate 
CUSOs serve natural person credit unions directly. As stated 
previously, the Board has historically been concerned that some 
activities might migrate from corporate credit unions to CUSOs and 
their subsidiaries, and the Board needs to ensure each layer in the 
corporate structure is subject to certain minimal prudential 
requirements.
Sec.  704.19 Disclosure of Executive Compensation
    Section 704.19 currently requires that each corporate credit union 
annually prepare and maintain a document that discloses the 
compensation of certain employees, including compensation received from 
a corporate CUSO.\21\ The proposal would amend Sec.  704.19 to require 
that employee compensation from either a NP CUSO or a corporate CUSO 
must be reported. The Board notes that under the current rule to 
facilitate this disclosure, Sec.  704.11(g) requires a corporate CUSO 
to disclose compensation paid to any employees that are also employees 
of a corporate credit union lending to, or investing in, the CUSO. This 
provision places the burden of disclosure on the corporate CUSO. The 
proposed rule, however, would not include a similar requirement for NP 
CUSOs.\22\ Accordingly, the dual employee would be required to disclose 
his or her compensation from the NP CUSO for the corporate credit union 
to make the required disclosure.
---------------------------------------------------------------------------

    \21\ 12 CFR 704.19(a).
    \22\ The Board notes, however, that part 712 prohibits officials 
and senior management employees, and their immediate family members 
of an FCU with an outstanding loan or investment from receiving any 
salary, commission, investment income, or other income or 
compensation from the CUSO, either directly or directly. 12 CFR 
712.8.
---------------------------------------------------------------------------

B. Corporate Credit Union Board Representation

    Section 704.14 currently requires that at least a majority of a 
corporate credit union's board members must serve on the corporate 
credit union's board as a representative of a member credit union.\23\ 
In addition, any candidate for a position on the board of a corporate 
credit union must hold a senior management position at a member credit 
union and hold that position at the time he or she is seated on the 
board of a corporate credit union. Currently, only an individual who 
holds the position of chief executive officer, chief financial officer, 
chief operating officer, or treasurer/manager at a member credit union, 
and will hold that position at the time he or she is seated on the 
corporate credit union board if elected, may seek election or re-
election to the corporate credit union board.
---------------------------------------------------------------------------

    \23\ 12 CFR 704.14.
---------------------------------------------------------------------------

    The proposed rule would expand the credit union officials eligible 
to serve on a corporate credit union board. The proposed rule would no 
longer expressly limit the corporate credit union board to the above 
stated positions and instead would include any person in a senior staff 
position at a member credit union. The proposed rule would then list 
the current positions as examples of senior staff positions that are 
eligible to serve on a corporate credit union board. The proposed rule 
also would include two new positions, chief information officer and 
chief risk officer, in the list of examples of senior staff positions 
eligible to serve on a corporate credit union board.
    The Board believes that officials who hold a senior management 
position at a member credit union are qualified individuals who could 
offer expertise as a corporate credit union board member. Not only 
would the corporate credit union members have more flexibility in 
choosing board members, but expanding eligible senior staff positions, 
such as chief information officer and chief risk officer, would widen 
the range of expertise on corporate credit union boards.

C. Enterprise Risk Management

    Section 704.21 requires corporate credit unions to develop and 
follow an enterprise risk management policy.\24\ A corporate credit 
union must also establish an enterprise risk management committee 
(ERMC) and include an independent risk management expert on the 
committee. The Board adopted these requirements in 2011 due to concerns 
that corporate credit unions were not adequately focused on the 
aggregation of exposures across entire institutions, even though the 
Board believed that corporate credit unions were adequately focused on 
individual risk exposures.\25\
---------------------------------------------------------------------------

    \24\ 12 CFR 704.21.
    \25\ 76 FR 23861 (Apr. 29, 2011) and 80 FR 25932 (May 6, 2015).
---------------------------------------------------------------------------

    The current rule includes several specific requirements regarding 
the independent risk management expert on the committee. The risk 
management expert must have at least five years of experience in 
identifying, assessing, and managing risk exposures.\26\ This 
experience must be commensurate with the size of the corporate credit 
union and the complexity of its operations. In addition, the current 
rule provides what constitutes independence. A risk management expert 
qualifies as independent if: (1) The expert reports to the ERMC and to 
the corporate credit union's board of directors; (2) neither the 
expert, nor any immediate family member of the expert, is supervised by 
or has any material business or professional relationship with the 
chief executive officer (CEO) of the corporate credit union, or anyone 
directly or indirectly supervised by the CEO; and (3) neither the 
expert, nor any immediate family member of the expert, has had any of 
the previously described relationships for at least the past three 
years.\27\ The Board specifically included experience and independence 
requirements to ensure the enterprise risk management expert is 
adequately qualified and not influenced by the operational side of the 
corporate credit union.\28\
---------------------------------------------------------------------------

    \26\ 12 CFR 704.21(c).
    \27\ 12 CFR 704.21(d).
    \28\ 76 FR 23861 (Apr. 29, 2011).
---------------------------------------------------------------------------

    The Board, however, no longer believes that it is necessary for 
prescriptive experience requirements and for the risk management expert 
to be independent of the corporate credit union. The Board believes the 
corporate credit union should have more discretion in choosing an 
adequate risk management expert. The Board does not believe that a 
prescriptive five-year experience requirement is necessary. The Board 
believes that corporate credit unions are in the best position to 
determine the appropriate level of experience necessary for the 
position. The proposed rule also would permit the risk management 
expert to report directly to the ERMC.
    Additionally, the Board believes that the effectiveness of risk 
management practices is driven by a multitude of factors, to include 
policies, processes, and qualified knowledge. Many corporate credit 
unions have integrated their enterprise risk management function into 
their business decision making, and at many corporate credit unions, 
internal corporate staff possess the skills and experience to capably 
manage the enterprise risk management program. By and large, corporate 
credit unions have improved their ability to assess risk and 
effectively challenge

[[Page 17292]]

evaluations of risk since the current rule was first adopted. The 
proposed rule would provide the corporate credit unions flexibility to 
choose an internal risk management expert instead of engaging an 
outside consultant.
    The Board, however, notes that even though independence is no 
longer an explicit requirement, for best enterprise risk management 
practices, the expert should have appropriate stature and authority to 
effectively manage and lead an enterprise risk management program. The 
expert must be competent to analyze risks across the institution and 
have the capability to communicate those risks to the board or ERMC 
despite potential influence from the operational side of the corporate 
credit union. The NCUA will evaluate the adequacy of a corporate credit 
union's enterprise risk management practices through the supervisory 
process. Sound risk management is a cornerstone responsibility of a 
credit union's leadership; therefore, CAMEL and risk ratings will 
incorporate the supervisory team's assessment of this area. Weaknesses 
in risk management may result in supervisory actions.

D. Natural Person Credit Union Subordinated Debt Instruments

    The Board recently issued a proposed rule to permit low-income 
designated credit unions, complex credit unions, and new credit unions 
to issue subordinated debt instruments for purposes of regulatory 
capital treatment (subordinated debt NPR).\29\ If the Board adopts the 
proposed rule as final, it expects additional credit unions to begin 
issuing subordinated debt instruments. Therefore, the Board believes it 
is necessary to clarify whether corporate credit unions may purchase 
such instruments and, if so, the treatment of the investments under 
part 704.
---------------------------------------------------------------------------

    \29\ Available at, https://www.ncua.gov/files/publications/regulations/proposed-rule-subordinated-debt.pdf (Feb. 7, 2020).
---------------------------------------------------------------------------

    This proposed rule would create a new definition for the term 
natural person credit union subordinated debt instrument. The proposed 
rule would define a natural person credit union subordinated debt 
instrument as any debt instrument issued by a natural person credit 
union that is subordinate to all other claims against the credit union, 
including the claims of creditors, shareholders, and either the 
National Credit Union Share Insurance Fund (NCUSIF) or the insurer of a 
privately insured credit union. The Board intends for this definition 
to include all instruments issued under the subordinated debt NPR.
    The Board is clarifying that corporate credit unions may purchase 
subordinated debt instruments of natural person credit unions under a 
corporate credit union's lending authority. This authority is derived 
from their lending authority because subordinated debt instruments are 
issued under a natural person credit union's borrowing authority. 
Additionally, natural person credit unions are also permitted to, 
subject to various restrictions and limits, purchase such subordinated 
debt instruments from other natural person credit unions under their 
lending authority. Treating the purchase of such subordinated debt 
instruments as lending would ensure consistent treatment between 
natural person credit unions and corporate credit unions. The proposed 
rule would not explicitly state that a corporate credit union may 
purchase a natural person credit union subordinate debt instrument 
because the Board believes corporate credit unions' current lending 
authority is currently sufficiently broad to include purchasing 
subordinated debt instruments.
    The proposed rule, however, would require that a corporate credit 
union fully deduct the amount of the subordinated debt instrument from 
its tier 1 capital to ensure consistent treatment between investments 
in the capital of other corporate credit unions and natural person 
credit unions. Corporate credit unions are currently required to deduct 
from tier 1 capital any investments in perpetual contributed capital 
and nonperpetual capital accounts that are maintained at other 
corporate credit unions.\30\ The Board believes that investments in 
natural person credit union subordinated debt instruments should be 
treated similarly as such instruments may qualify as regulatory capital 
for the natural person credit union. The Board is also concerned about 
systemic risk if corporate credit unions own a significant amount of 
natural person credit union issued subordinated debt. Finally, a 
natural person credit union subordinated debt instrument would be in a 
first loss position, even before the NCUSIF and any private insurance 
fund or entity. Therefore, an involuntary liquidation of the issuing 
credit union would potentially mean large, and likely total, losses for 
the holders of those subordinated obligations. The Board believes that 
fully deducting such instruments from tier 1 capital will ensure any 
potential losses do not affect the capital position of the investing 
corporate credit union. This measured approach strikes the right 
balance between providing corporate credit unions the flexibility to 
purchase natural person credit union subordinated debt instruments and 
avoiding undue systemic risk to the credit union system.
---------------------------------------------------------------------------

    \30\ See the definition of tier 1 capital in 12 CFR 704.2.
---------------------------------------------------------------------------

E. Approved Corporate CUSO Activities.

    Part 704 does not list the permissible activities for corporate 
CUSOs in the regulatory text of part 704 of the Code of Federal 
Regulations, unlike part 712, which does so for NP CUSOs.\31\ Instead, 
Sec.  704.11 requires that, generally, a corporate CUSO must agree that 
it will limit its services to brokerage services, investment advisory 
services, and other categories of services as preapproved by NCUA and 
published on NCUA's website.\32\ A CUSO that desires to engage in an 
activity not preapproved by NCUA can apply to NCUA for that approval. 
To increase transparency and make it easier for corporate credit unions 
to determine if an activity has previously been determined by the Board 
to be permissible, the proposed rule would replace the permissible 
activities list from the NCUA website with a new appendix to part 704. 
The proposed rule would include a new Appendix D, which would reprint 
the current list of permissible activities and conditions for corporate 
CUSO activities. The Board is not proposing any amendments to the list 
at this time. In the future, the Board would make any additions or 
changes to the list by amending Appendix D through a rulemaking.
---------------------------------------------------------------------------

    \31\ 12 CFR 712.5(b).
    \32\ https://www.ncua.gov/regulation-supervision/corporate-credit-unions/corporate-cuso-activities/approved-corporate-cuso-activities.
---------------------------------------------------------------------------

F. Definition of Collateralized Debt Obligation.

    Corporate credit unions are prohibited from purchasing certain 
overly complex or leveraged investments, including collateralized debt 
obligations (commonly referred to as CDOs).\33\ Under the current rule, 
the term CDO means a debt security collateralized by mortgage-backed 
securities, other asset-backed securities, or corporate obligations in 
the form of nonmortgage loans or debt. The term does not include: (1) 
Senior tranches of Re-REMICs consisting of senior mortgage- and asset-
backed securities; (2) Any

[[Page 17293]]

security that is fully guaranteed as to principal and interest by the 
U.S. Government or its agencies or its sponsored enterprises; or (3) 
Any security collateralized by other securities where all the 
underlying securities are fully guaranteed as to principal and interest 
by the U.S. Government or its agencies or its sponsored 
enterprises.\34\ The proposed rule would amend the definition of CDO to 
clarify that the definition includes both loans and debt securities. 
The proposed rule would change the defined term to ``collateralized 
loan or debt obligation,'' but would not otherwise amend the 
definition. The NCUA Board is aware that there has been confusion among 
industry participants concerning whether collateralized loans meet the 
definition and are therefore prohibited. The Board believes amending 
the name of the defined term clarifies the Board's intent.
---------------------------------------------------------------------------

    \33\ The prohibition on purchasing CDOs was intended to protect 
corporate credit unions from the potential for excessive investment 
losses. 75 FR 64786, 64793 (Oct. 20, 2010).
    \34\ 12 CFR 704.2.
---------------------------------------------------------------------------

G. Net Interest Income Modeling

    Under the current rule, a corporate credit union must perform net 
interest income (NII) modeling to project earnings in multiple interest 
rate environments for a period of no less than two years.\35\ NII 
modeling must, at minimum, be performed quarterly, including once on 
the last day of the calendar quarter. The proposed rule would make a 
change to the timeframe for NII. Under the proposed rule, a corporate 
credit union would not be required to perform NII modeling for two 
years and instead would only be required to perform modeling for one 
year.
---------------------------------------------------------------------------

    \35\ 12 CFR 704.8(e).
---------------------------------------------------------------------------

    The Board is proposing to amend the requirements for NII given that 
corporate credit unions are also subject to weighted average life (WAL) 
limits, which limit asset maturities to less than two years.\36\ Under 
the current rule, a corporate credit union must test its financial 
assets at least quarterly, including once on the last day of the 
calendar quarter, for compliance with this limitation. If the WAL of a 
corporate credit union's assets exceeds two years on the testing date, 
this test must be calculated at least monthly, including once on the 
last day of the month, until the WAL is below two years.
---------------------------------------------------------------------------

    \36\ 12 CFR 704.8(f).
---------------------------------------------------------------------------

    The Board believes that NII modeling performed over a longer period 
than the WAL limits for asset maturities is less useful because the 
corporate credit union would also have to estimate what reinvestments 
would occur over the two-year period beyond simply estimating interest 
cash flows on assets. In addition, corporate credit unions already 
conduct net economic value analyses which capture a long-term view of 
interest rate risk. The Board believes that NII modeling over a one-
year period sufficiently captures a corporate credit union's short-term 
interest rate risk.

III. Request for Comment on the Proposed Rule

    The above proposed changes are consistent with the Board's ongoing 
efforts to reduce regulatory burden while assuring that corporate 
credit unions operate in a safe and sound manner. The Board welcomes 
comment on all aspects of the proposal. The Board is particularly 
interested in comments on the proposed thresholds and definitions and 
is willing to consider alternatives. The Board is requesting comment 
specifically on the following questions.
    1. Is the proposed definition of corporate CUSO appropriate? Does 
it capture the types of corporate credit union investments most likely 
to pose systemic risk to the credit union system? The Board is willing 
to consider amendments to the definition of corporate CUSO.
    2. The proposed definition of a corporate CUSO states that if a 
corporate credit owns 25 percent or more of a CUSO's contributed 
equity, stock, or membership interests, then the CUSO is a corporate 
CUSO. Please comment on whether 25 percent is an appropriate threshold 
for control. Should the Board consider a higher or lower threshold? The 
Board is willing to consider alternative thresholds for the definition 
of corporate CUSO. The Board notes that for some purposes the Federal 
Deposit Insurance Corporation defines control as low as 10 percent of 
an institution's common stock.
    3. How do corporate credit unions structure their investment in 
CUSOs? Is it generally through stock? Contributed equity? Membership 
interests? Are there any types of typical ownership interests excluded 
from the corporate CUSO definition?
    4. The proposed rule would not require NP CUSOs to disclose 
compensation paid to any employees that are also employees of a 
corporate credit union lending to, or investing in, the CUSO. Are 
corporate credit unions able to comply with their annual compensation 
disclosure without receiving the information from NP CUSOs?
    5. Instead of requiring a deduction from capital due to the 
investment in a subordinated debt instrument, should the Board prohibit 
a corporate credit union from investing in such an instrument? 
Prohibiting an investment would limit a corporate credit union's 
flexibility, but would further reduce the potential for systemic risk. 
Please discuss the definition of natural person credit union 
subordinated debt instrument. Does it appropriately capture the 
subordinated debt instruments issued by natural person credit unions 
that are most likely to pose systemic risk? The Board is open to 
alternative treatments for a corporate credit union's investment in 
subordinated debt instruments.
    6. Would a one-year window for NII modeling provide credit unions 
with a more accurate window to project earnings? Should the Board 
consider other timeframes to balance the accuracy of projections with 
the need for corporate credit unions to understand its interest rate 
risk? The Board is willing to consider alternative time periods for 
NII.

VII. Regulatory Procedures

Regulatory Flexibility Act

    The Regulatory Flexibility Act (RFA) generally requires that, in 
connection with a notice of proposed rulemaking, an agency prepare and 
make available for public comment an initial regulatory flexibility 
analysis that describes the impact of a proposed rule on small entities 
(defined for purposes of the RFA to include credit unions with assets 
less than $100 million).\37\ A regulatory flexibility analysis is not 
required, however, if the agency certifies that the rule will not have 
a significant economic impact on a substantial number of small entities 
and publishes its certification and a short, explanatory statement in 
the Federal Register together with the rule.
---------------------------------------------------------------------------

    \37\ See 80 FR 57512 (Sept. 24, 2015).
---------------------------------------------------------------------------

    This proposed rule would not have a significant economic impact on 
a substantial number of small entities. There are no corporate credit 
unions under $100 million in assets. Therefore, the Board certifies 
that the rule will not have a significant economic impact on a 
substantial number of small entities.

Paperwork Reduction Act

    The Paperwork Reduction Act of 1995 (PRA) applies to information 
collection requirements in which an agency creates a new paperwork 
burden on regulated entities or modifies an existing burden. For 
purposes of the PRA, a paperwork burden may take the form of a 
reporting, recordkeeping, or

[[Page 17294]]

third-party disclosure requirement, each referred to as an information 
collection. The NCUA may not conduct or sponsor, and the respondent is 
not required to respond to, an information collection unless it 
displays a currently valid Office of Management and Budget (OMB) 
control number.
    The proposed rule will amend 12 CFR part 704, in part, to address 
minimal investments by a corporate credit union in a CUSO without the 
CUSO being classified as a corporate CUSO. The information collection 
requirements associated with this provision are cleared under OMB 
control number 3133-0129 and there are no other new information 
collection requirements associated with this proposed rule.

Executive Order 13132

    Executive Order 13132 encourages independent regulatory agencies to 
consider the impact of their actions on state and local interests. In 
adherence to fundamental federalism principles, the NCUA, an 
independent regulatory agency as defined in 44 U.S.C. 3502(5), 
voluntarily complies with the principles of the executive order. This 
rulemaking will not have a substantial direct effect on the states, on 
the connection between the national government and the states, or on 
the distribution of power and responsibilities among the various levels 
of government. The NCUA has determined that this proposal does not 
constitute a policy that has federalism implications for purposes of 
the executive order.

Assessment of Federal Regulations and Policies on Families

    The NCUA has determined that this proposed rule will not affect 
family well-being within the meaning of section 654 of the Treasury and 
General Government Appropriations Act, 1999, Public Law 105-277, 112 
Stat. 2681 (1998).

List of Subjects in 12 CFR Part 704

    Credit unions, Corporate credit unions, Reporting and recordkeeping 
requirements.


    By the National Credit Union Administration Board on February 
20, 2020.
Gerard Poliquin,
Secretary of the Board.

    For the reasons discussed above, the Board proposes to amend 12 CFR 
part 704, as follows:

PART 704--CORPORATE CREDIT UNIONS

0
1. The authority citation for part 704 continues to read as follows:

    Authority:  12 U.S.C. 1766(a), 1781, and 1789.

0
2. In Sec.  704.2:
0
 a. Revise the definition of Collateralized Debt Obligation, 
Consolidated Credit Union Service Organization and Tier 1 Capital; and
0
b. Add definitions for Corporate CUSO, Credit Union Service 
Organization (CUSO), and Natural Person Credit Union Subordinated Debt 
Instrument, in alphabetical order, to read as follows:


Sec.  704.2  Definitions.

* * * * *
    Collateralized Debt and Loan Obligation (CDLO) means a debt 
security collateralized by mortgage-backed securities, other asset-
backed securities, or corporate obligations in the form of nonmortgage 
loans or debt. For purposes of Part 704, the term CDLO does not 
include:
    (1) Senior tranches of Re-REMIC's consisting of senior mortgage-and 
asset-backed securities;
    (2) Any security that is fully guaranteed as to principal and 
interest by the U.S. Government or its agencies or its sponsored 
enterprises; or
    (3) Any security collateralized by other securities where all the 
underlying securities are fully guaranteed as to principal and interest 
by the U.S. Government or its agencies or its sponsored enterprises.
* * * * *
    Consolidated Credit Union Service Organization (Consolidated CUSO) 
means any CUSO the assets of which are consolidated with those of the 
corporate credit union for purposes of reporting under Generally 
Accepted Accounting Principles (GAAP). Generally, consolidated CUSOs 
are majority-owned CUSOs.
* * * * *
    Corporate CUSO means a CUSO, as defined in part 712, that:
    (1) Is a consolidated CUSO;
    (2) A corporate credit union has the power, directly or indirectly, 
to direct the CUSO's management or policies;
    (3) A corporate credit union owns 25 percent or more of the CUSO's 
contributed equity, stock, or membership interests; or
    (4) The aggregate corporate credit union ownership meets or exceeds 
50 percent of the CUSO's contributed equity, stock, or membership 
interests.
    Credit union service organization (CUSO) means both a CUSO under 
part 712 and a corporate CUSO under part 704.
* * * * *
    Natural Person Credit Union Subordinated Debt Instrument is any 
debt instrument issued by a natural person credit union that is 
subordinate to all other claims against the credit union, including the 
claims of creditors, shareholders, and either the National Credit Union 
Share Insurance Fund or the insurer of a privately insured credit 
union.
* * * * *
    Tier 1 capital means the sum of items in paragraphs (1) and (2) of 
this definition from which items in paragraphs (3) through (7) are 
deducted:
    (1) Retained earnings;
    (2) Perpetual contributed capital;
    (3) Deduct the amount of the corporate credit union's intangible 
assets that exceed one half percent of its moving daily average net 
assets (however, the NCUA may direct the corporate credit union to add 
back some of these assets on the NCUA's own initiative, or the NCUA's 
approval of petition from the applicable state regulator or application 
from the corporate credit union);
    (4) Deduct investments, both equity and debt, in unconsolidated 
CUSOs;
    (5) Deduct an amount equal to any PCC or NCA that the corporate 
credit union maintains at another corporate credit union;
    (6) Deduct any amount of PCC received from federally insured credit 
unions that causes PCC minus retained earnings, all divided by moving 
daily average net assets, to exceed two percent when a corporate credit 
union's retained earnings ratio is less than two and a half percent; 
and
    (7) Deduct any natural person credit union subordinated debt 
instrument held by the corporate credit union.
* * * * *
0
3. Revise Sec.  704.5(c)(3) to read as follows:


Sec.  704.5  Investments.

* * * * *
    (c) * * *
    (1) * * *
    (2) * * *
    (3) CUSOs, subject to the limitations of Sec.  704.11;
* * * * *
0
4. In Sec.  704.6(c)(2)(vi), remove the word ``corporate'' before the 
word ``CUSO.''
0
5. In Sec.  704.7, remove the word ``corporate'' before the word 
``CUSO'' each place the word appears.
0
6. In Sec.  704.8(e) replace the phrase ``no less than 2 years'' with 
``no less than 1 year.''
0
7. Revise Sec.  704.11 to read as follows:


Sec.  704.11  Credit Union Service Organizations (CUSOs).

    (a) Investment and loan limitations. (1) The aggregate of all 
investments in

[[Page 17295]]

member and non-member CUSOs that a corporate credit union may make must 
not exceed 15 percent of a corporate credit union's total capital.
    (2) The aggregate of all investments in and loans to member and 
nonmember CUSOs a corporate credit union may make must not exceed 30 
percent of a corporate credit union's total capital. A corporate credit 
union may lend to member and nonmember CUSOs an additional 15 percent 
of total capital if the loan is collateralized by assets in which the 
corporate has a perfected security interest under state law.
    (3) If the limitations in paragraphs (a)(1) and (a)(2) of this 
section are reached or exceeded because of the profitability of the 
CUSO and the related GAAP valuation of the investment under the equity 
method without an additional cash outlay by the corporate, divestiture 
is not required. A corporate credit union may continue to invest up to 
the regulatory limit without regard to the increase in the GAAP 
valuation resulting from the CUSO's profitability.
    (b) Due diligence. A corporate credit union must comply with the 
commercial loan policy and due diligence requirements of Sec.  723.4 of 
this chapter for all loans to CUSOs.
    (c) Requirements for CUSOs that are not corporate CUSOs. Corporate 
credit union investments in and lending to CUSOs that are not corporate 
CUSOs are subject to part 712 of this chapter, except that investment 
and loan limitations and due diligence requirements are governed by 
this section.
    (d) Requirements for Corporate CUSOs. Corporate credit union 
authority to invest in or loan to a corporate CUSO is limited to that 
provided in this section.
    (1) Structure. A corporate CUSO must be structured as a 
corporation, limited liability company, or limited partnership under 
state law.
    (2) Separate entity. (i) A corporate CUSO must be operated as an 
entity separate from a corporate credit union.
    (ii) A corporate credit union investing in or lending to a 
corporate CUSO must obtain a written legal opinion that concludes the 
corporate CUSO is organized and operated in a manner that the corporate 
credit union will not reasonably be held liable for the obligations of 
the corporate CUSO. This opinion must address factors that have led 
courts to ``pierce the corporate veil,'' such as inadequate 
capitalization, lack of corporate identity, common boards of directors 
and employees, control of one entity over another, and lack of separate 
books and records.
    (3) Permissible activities. (i) A corporate CUSO must agree to 
limit its activities to:
    (1) Brokerage services,
    (2) Investment advisory services, and
    (3) Other categories of activities as approved in writing by NCUA 
and as reflected in Appendix D.
    (ii) Once the NCUA has approved an activity and published that 
activity on its website, the NCUA will not remove that particular 
activity from the approved list, or make substantial changes to the 
content or description of that approved activity, except through the 
formal rulemaking process.
    (4) Compensation Restrictions. An official of a corporate credit 
union which has invested in or loaned to a corporate CUSO may not 
receive, either directly or indirectly, any salary, commission, 
investment income, or other income, compensation, or consideration from 
the corporate CUSO. This prohibition also extends to immediate family 
members of officials.
    (5) Written Agreement between the Corporate Credit Union and 
Corporate CUSO. Prior to making an investment in or loan to a corporate 
CUSO, a corporate credit union must obtain a written agreement that the 
corporate CUSO:
    (i) Will follow GAAP;
    (ii) Will provide financial statements to the corporate credit 
union at least quarterly;
    (iii) Will obtain an annual CPA opinion audit and provide a copy to 
the corporate credit union. A consolidated CUSO is not required to 
obtain a separate annual audit if it is included in the corporate 
credit union's annual audit;
    (iv) Will provide the reports as required by Sec.  712.3(d)(4) and 
(5) of this chapter;
    (v) Will not acquire control, directly or indirectly, of another 
depository financial institution or to invest in shares, stocks, or 
obligations of an insurance company, trade association, liquidity 
facility, or similar organization;
    (vi) Will allow the auditor, board of directors, and NCUA complete 
access to the CUSO's personnel, facilities, equipment, books, records, 
and any other documentation that the auditor, directors, or NCUA deem 
pertinent;
    (vii) Will inform the corporate, at least quarterly, of all the 
compensation paid by the CUSO to its employees who are also employees 
of the corporate credit union; and
    (viii) Will comply with all the requirements of this section.
    (e) Subsidiary Restrictions. Any subsidiary of a corporate CUSO is 
automatically designated a corporate CUSO and subject to all the 
requirements of this section. The requirements of this section apply to 
all tiers or levels of a corporate CUSO's structure.
0
8. Revise Sec.  704.14(a)(2) to read as follows:


Sec.  704.14  Representation.

* * * * *
    (a) * * *
    (1) * * *
    (2) Only an individual who currently holds a senior staff position 
(e.g., position of chief executive officer, chief financial officer, 
chief operating officer, chief information officer, chief risk officer, 
treasurer/manager, etc.) at a member credit union, and will hold that 
position at the time he or she is seated on the corporate credit union 
board if elected, may seek election or re-election to the corporate 
credit union board;
* * * * *
0
9. In Sec.  704.19, remove the word ``corporate'' before the word 
``CUSO''.
0
10. In Sec.  704.21, revise paragraph (c) and remove paragraphs (d) and 
(e) to read as follows:


Sec.  704.21  Enterprise risk management.

* * * * *
    (a) * * *
    (b) * * *
    (c) The ERMC must include at least one risk management expert who 
can report directly to the board of directors. The risk management 
expert's experience must be commensurate with the size of the corporate 
credit union and the complexity of its operations.
0
11. Add Appendix D to read as follows:

Appendix D: Approved Corporate CUSO Activities.

Category--Clerical, Professional, & Management

    A corporate CUSO may engage in the following clerical, 
professional, and management activities:
    1. Business Consulting Services: Offering consulting services in 
support of business development, strategic planning, industry analysis, 
and operational efficiency.
    2. Human Resources Services: Services addressing human capital 
needs, reporting, and management considerations to include development 
of policies, procedures, and employee manuals.
    3. Insurance Brokerage or Agency Referrals: Making third party 
insurance services or products available. This may include endorsing a 
product or service, negotiating group discounts and making referrals.

[[Page 17296]]

    4. Marketing and Research Services: Systematically gathering, 
recording, and analyzing data about issues relating to marketing credit 
union products and services to identify and assess how changing 
elements of the marketing mix affect member behavior. Producing reports 
of research, making recommendations for marketing strategies, and other 
similar market and research services.
    5. Payroll Services: Management of payroll processing, reporting, 
and tax filing;
    6. Training Services: Furnishing pre-packaged training products, 
developing new or customizing existing training products/modules, and 
facilitating education and training of credit union staff.
    7. Audit & Compliance Consulting Services: Performing, as requested 
and agreed upon in predetermined scope arrangement, audits (internal, 
operational, financial, or compliance). Providing education and 
consultation services for developing statutory and regulatory 
compliance programs related to the Bank Secrecy Act, Anti Money 
Laundering provision, Office of Foreign Asset Control, and U.S. Patriot 
Act.
    8. Product Development Services: Research and development of 
products and services specific to the needs of credit unions and their 
members/consumers.
    A corporate credit union may engage in the following currency 
services:
    1. Coin and Currency Services: Providing replenishment or deposit 
of excess coin and cash. This may include vault cash orders, ATM 
replenishments, and other similar services. Coin and currency services 
may be offered through agreement with another financial institution, 
direct with the Federal Reserve, through an armored car service 
agreement, or other similar arrangement.
    2. A corporate credit union may only engage in coin and currency 
services if it meets the following conditions:
    a. Maintain bond/liability insurance as appropriate.
    b. Annually provide OCCU copy of bond/liability insurance.
    A corporate credit union may engage in the following data 
processing services:
    1. Electronic Document Management: Providing document and record 
management systems which may allow for document archival, reporting, 
secure remote access, and similar services.
    2. Core processing: Offering a back-end system in a service bureau 
environment used to process and record daily transactions, and post 
updates to accounts and other financial records. This typically 
includes deposit, loan and credit-processing capabilities, with 
interfaces to general ledger systems and reporting tools, and may allow 
for or integrate with front-end member access platforms, subject to the 
following conditions:
    a. Maintain business recovery plan ensuring uninterrupted 
operations.
    b. Maintain bond/liability insurance appropriate for activity.
    c. Adhere to AICPA audit standards for reporting on controls at a 
service organization.
    d. Annually provide OCCU copy of bond/liability insurance, business 
contingency plans & test results.
    A corporate credit union may engage in the following lending and 
deposit services:
    1. Business Banking--Consulting and Turnkey Services: Provide 
either in-house, or through turnkey operation, suite of financial 
products. Products may include loan products, risk monitoring, and 
consulting services for business loan, deposit, payment and cash 
management products, provided that the corporate CUSO comply with the 
Member Business Loan Regulation--Part 723 of the NCUA Rules and 
Regulations.
    2. Business loan origination: Provide business loan consulting and 
origination services. Examples of business loan origination include 
commercial real estate, term loans, lines of credit, construction, 
agriculture, SBA loans, and loan participation servicing and brokering, 
provided that the corporate CUSO comply with the Member Business Loan 
Regulation--Part 723 of the NCUA Rules and Regulations.
    3. Business Loan Support Services: Provide business loan processing 
and sales to include pre- and post closing underwriting, risk 
monitoring reports, document preparation, and servicing. Loan support 
services may also include debt collection services and sale of 
repossessed collateral.
    A corporate credit union may engage in the following payments and 
electronic transaction services:
    1. Automated Clearing House (ACH): Providing services for the 
receipt, processing, distribution, and settlement of electronic credits 
and debits among financial institutions for final posting to business 
entities, credit unions and members/consumers. Activities include 
receipt of ACH files; file distribution; receipt and processing of 
returned items and notification of change files; offering and/or 
processing ACH origination files; assisting with ACH exceptions and 
transaction disputes; providing settlement of ACH files; and other 
similar ACH services, subject to the following conditions:
    a. Restrict CUSO ownership to one corporate unless approved by 
NCUA.
    b. Comply with NACHA rules.
    c. Maintain Business Continuity/Disaster Recovery plan ensuring 
uninterrupted operations.
    d. Comply with the Security Program Requirements--Part 748 to 
safeguard consumer information.
    e. Maintain bond/liability insurance as appropriate.
    f. Adhere to AICPA audit standards for reporting on controls at a 
service organization.
    g. Annually provide OCCU copy of bond/liability insurance, report 
on controls at a service organization, business continuity plans and 
test results.
    h. Utilize distributed settlement model if providing services to 
other corporate credit unions.
    2. Wire Transfer Services (Domestic and International): 
Electronically transferring funds through the Federal Reserve Bank, 
other financial institution, or other similar third-party funds 
transfer agent (i.e., Western Union, etc.) directly to a domestic or 
foreign financial institution or receiving transfer agent with final 
credit to business entities, credit unions, and member/consumers, 
subject to the following conditions:
    a. Restrict CUSO ownership to one corporate unless approved by 
NCUA.
    b. Maintain Business Continuity/Disaster Recovery plan ensuring 
uninterrupted operations.
    c. Comply with the Security Program Requirements--Part 748 to 
safeguard consumer information.
    d. Comply with NCUA and FFIEC Guidance for Authentication in an 
Internet Banking Environment as applicable.
    e. Prefund transactions prior to processing.
    f. Maintain bond/liability insurance as appropriate.
    g. Adhere to AICPA audit standards for reporting on controls at a 
service organization.
    h. Annually provide OCCU copy of bond/liability insurance, report 
on controls at a service organization, business continuity plans and 
test results.
    3. Forward Check Collection/Remote Deposit Capture Services: 
Offering a suite of image, electronic, and paper forward check 
processing, collection, clearing, settlement, adjustment, and reporting 
services. Deposit processing may occur as either ``traditional'' paper 
processing, electronic truncation, or image capture, processing, and

[[Page 17297]]

transmission of check images from remote or centralized locations. 
Remote deposit capture services may include branch, teller, merchant, 
ATM, and consumer capture, and other similar forward check collection 
services. Activities may include resale of equipment through negotiated 
agreement, bundled services, and support agreements, subject to the 
following conditions:
    a. Restrict CUSO ownership to one corporate unless approved by 
NCUA.
    b. Comply with Federal Reserve Operating circulars and/or image 
clearing house operating agreements.
    c. Maintain Business Continuity/Disaster Recovery plan ensuring 
uninterrupted operations.
    d. Comply with the Security Program Requirements--Part 748 to 
safeguard consumer information.
    e. Comply with NCUA and FFIEC Guidance for Authentication in an 
Internet Banking Environment as applicable.
    f. Maintain bond/liability insurance as appropriate.
    g. Adhere to AICPA audit standards for reporting on controls at a 
service organization.
    h. Annually provide OCCU copy of bond/liability insurance, report 
on controls at a service organization, business continuity plans and 
test results.
    i. Utilize distributed settlement model if providing services to 
other corporate credit unions.
    4. Share Draft (Check) Processing: Offering inclearing services for 
the receipt and processing of share drafts (checks) either as 
electronic images or physical checks received from the Federal Reserve 
Bank, image exchange networks, or through direct presentment 
arrangements with other financial institutions. Services include 
receipt and processing of inclearing checks for file distribution, 
processing of return files, adjustments, dispute resolution assistance, 
financial settlement of files, and other similar services, subject to 
the following conditions:
    a. Restrict CUSO ownership to one corporate unless approved by 
NCUA.
    b. Comply with Federal Reserve Operating circulars and/or image 
clearing house operating agreements.
    c. Maintain Business Continuity/Disaster Recovery plan ensuring 
uninterrupted operations.
    d. Comply with the Security Program Requirements--Part 748 to 
safeguard consumer information.
    e. Comply with NCUA and FFIEC Guidance for Authentication in an 
Internet Banking Environment as applicable.
    f. Maintain bond/liability insurance as appropriate.
    g. Adhere to AICPA audit standards for reporting on controls at a 
service organization.
    h. Annually provide OCCU copy of bond/liability insurance, report 
on controls at a service organization, business continuity plans and 
test results.
    i. Utilize distributed settlement model if providing services to 
other corporate credit unions.
    5. Share Draft, Check Imaging, and Archival Services: Providing 
services for capturing and storing images of physical share drafts or 
checks for the purpose of facilitating forward check collection, 
maintaining electronic archives, and facilitating electronic access to 
check images for consumers' statements, integration with internet 
banking websites, and other similar purposes. Service may also include 
creating copies of archival history to facilitate ``in-house'' storage 
or transfers to new third-party service providers, subject to the 
following conditions:
    a. Restrict CUSO ownership to one corporate unless approved by 
NCUA.
    b. Comply with Federal Reserve Operating circulars and/or image 
clearing house operating agreements.
    c. Maintain Business Continuity/Disaster Recovery plan ensuring 
uninterrupted operations.
    d. Comply with the Security Program Requirements--Part 748 to 
safeguard consumer information.
    e. Comply with NCUA and FFIEC Guidance for Authentication in an 
internet Banking Environment as applicable.
    f. Maintain bond/liability insurance as appropriate.
    g. Adhere to AICPA audit standards for reporting on controls at a 
service organization.
    h. Annually provide OCCU copy of bond/liability insurance, report 
on controls at a service organization, business continuity plans and 
test results.
    6. Share Draft Fraud and Risk Management Services: Offering 
complementary services for share draft processing designed to identify 
and prevent checking account fraud and losses during the share draft 
clearing process, subject to the following conditions:
    a. Maintain Business Continuity/Disaster Recovery plan ensuring 
uninterrupted operations.
    b. Comply with the Security Program Requirements--Part 748 to 
safeguard consumer information.
    c. Maintain bond/liability insurance as appropriate.
    d. Adhere to AICPA audit standards for reporting on controls at a 
service organization.
    e. Annually provide OCCU copy of bond/liability insurance, report 
on controls at a service organization, business continuity plans and 
test results.
    7. Official Check Services: Offering business share drafts 
(checks), official checks, and money order programs to include 
processing, clearing, and settlement of items, maintaining list of 
issued drafts, and providing daily reports for reconciliation, subject 
to the following conditions:
    a. Maintain Business Continuity/Disaster Recovery plan ensuring 
uninterrupted operations.
    b. Comply with the Security Program Requirements--Part 748 to 
safeguard consumer information.
    c. Maintain bond/liability insurance as appropriate.
    d. Adhere to AICPA audit standards for reporting on controls at a 
service organization.
    e. Annually provide OCCU copy of bond/liability insurance, report 
on controls at a service organization, business continuity plans and 
test results.
    8. Lockbox & Remittance Services: Providing wholesale or small 
batch retail remittance processing services. Service includes receiving 
and processing payments, providing reports or files of activity, 
depositing of funds, and forward collection of items, subject to the 
following conditions:
    a. Maintain Business Continuity/Disaster Recovery plan ensuring 
uninterrupted operations.
    b. Comply with the Security Program Requirements--Part 748 to 
safeguard consumer information.
    c. Maintain bond/liability insurance as appropriate.
    d. Adhere to AICPA audit standards for reporting on controls at a 
service organization.
    e. Annually provide OCCU copy of bond/liability insurance, report 
on controls at a service organization, business continuity plans and 
test results.
    9. Online & Mobile Banking: Offering internet-based technological 
services which may provide real-time, 24/7 access to consumers' 
financial information. This includes the ability to manage a variety of 
transactional and non-transactional activities within and between 
accounts which may include electronic transfers, payments, on-line loan 
applications, and other similar banking activities. Access to accounts 
may be through internet web applications and/or portable electronic

[[Page 17298]]

devices, subject to the following conditions:
    a. Maintain Business Continuity/Disaster Recovery plan ensuring 
uninterrupted operations.
    b. Comply with the Security Program Requirements--Part 748 to 
safeguard consumer information.
    c. Comply with NCUA and FFIEC Guidance for Authentication in an 
internet Banking Environment as applicable.
    d. Maintain bond/liability insurance as appropriate.
    e. Adhere to AICPA audit standards for reporting on controls at a 
service organization.
    f. Annually provide OCCU copy of bond/liability insurance, report 
on controls at a service organization, business continuity plans and 
test results.
    10. Bill Pay and Electronic Bill Presentment and Payment (EBPP) 
Services: Offering services to allow consumers to send money to a 
creditor or vendor to be credited against a specific account. Bill 
payments may be executed electronically, via paper check or banker's 
draft, or other similar electronic payment means. Services may also 
include electronically presenting bills and/or billing statements, 
subject to the following conditions:
    a. Maintain Business Continuity/Disaster Recovery plan ensuring 
uninterrupted operations.
    b. Comply with the Security Program Requirements--Part 748 to 
safeguard consumer information.
    c. Comply with NCUA and FFIEC Guidance for Authentication in an 
internet Banking Environment as applicable.
    d. Maintain bond/liability insurance as appropriate.
    e. Adhere to AICPA audit standards for reporting on controls at a 
service organization.
    f. Annually provide OCCU copy of bond/liability insurance, report 
on controls at a service organization, business continuity plans and 
test results.
    11. Electronic Statements/Paper Statements: Providing electronic 
and paper delivery of periodic account statements, subject to the 
following conditions:
    a. Comply with the Security Program Requirements--Part 748 to 
safeguard consumer information.
    b. Comply with NCUA and FFIEC Guidance for Authentication in an 
internet Banking Environment as applicable.
    c. Maintain bond/liability insurance as appropriate.
    d. Annually provide OCCU copy of bond/liability insurance, business 
continuity plans and test results.
    12. Credit Card, Debit Card, and Gift or Prepaid Card Program 
Services: Offering debit, credit, and gift or prepaid card programs and 
processing to include: access to card networks and gateways, 
authorization and settlement of signature debit transactions, including 
settlement of related funds; fraud monitoring, risk management, and 
case support services to include neural networks and charge-back 
processing services; back office card support and management, 
reconciliation of daily settlement and adjustment processing; card 
maintenance, issuance, and transaction reports; card program project 
management and implementation; and other similar services. Gift or 
prepaid cards may be reloadable or non-reloadable, subject to the 
following conditions:
    a. Maintain Business Continuity/Disaster Recovery plan ensuring 
uninterrupted operations.
    b. Maintain bond/liability insurance as appropriate.
    c. Maintain and certify compliance with current PCI/DSS (Payment 
Card Industry/Data Security Standards).
    d. Maintain neural network or other industry standard fraud 
detection system.
    e. Comply with network processing agreements and standards.
    f. Adhere to AICPA audit standards for reporting on controls at a 
service organization.
    g. Annually provide OCCU copy of bond/liability insurance, business 
continuity plans and test results, report on controls at a service 
organization, and PCI/DSS compliance certification.
    13. Automated Teller Machine (ATM), Electronic Funds Transfer 
(EFT), and Point of Sale (POS) Services and Networks: Offering programs 
that allow access to a network of EFT terminals and ATMs to initiate 
PIN-based debit or ATM card transactions. ATM services include 
utilizing a shared ATM network, setting up a private ATM network, 
monitoring of ATM connectivity and availability, including the 
management of telecom circuits and modems, assisting with the 
implementation of new ATMs, ensuring data security and integrity, 
providing network access, authorization of PIN transactions completed 
at ATMs, including settlement of related funds. Other services include 
fraud monitoring of PIN transactions, adjustment and dispute resolution 
processing to include card blocking, chargeback processing, related 
research and other similar services, subject to the following 
conditions:
    a. Maintain Business Continuity/Disaster Recovery plan ensuring 
uninterrupted operations.
    b. Maintain bond/liability insurance as appropriate.
    c. Maintain and certify compliance with current PCI/DSS.
    d. Maintain neural network or other industry standard fraud 
detection system.
    e. Comply with network processing agreements and standards.
    f. Adhere to AICPA audit standards for reporting on controls at a 
service organization.
    g. Annually provide OCCU copy of bond/liability insurance, business 
continuity plans and test results, report on controls at a service 
organization, and PCI/DSS compliance certification.
    14. Shared Branching Services: Providing for the sharing of 
infrastructure to establish a private, secure, cooperative processing 
network that accepts transactions from members of participating credit 
unions. Shared branching functionality includes conducting deposits, 
account balance inquiries, and check cashing, and requesting funds 
transfers, official checks, or other similar services, subject to the 
following conditions:
    a. Maintain Business Continuity/Disaster Recovery plan ensuring 
uninterrupted operations.
    b. Comply with the Security Program Requirements--Part 748 to 
safeguard consumer information.
    c. Comply with NCUA and FFIEC Guidance for Authentication in an 
internet Banking Environment as applicable.
    d. Maintain and certify compliance with current PCI/DSS network 
standards or other similar shared network security standard, if 
applicable.
    e. Maintain bond/liability insurance as appropriate.
    f. Adhere to AICPA audit standards for reporting on controls at a 
service organization.
    g. Annually provide OCCU copy of bond/liability insurance, business 
continuity plans and test results, report on controls at a service 
organization, and PCI/DSS compliance certification, if applicable.
    A corporate credit union may engage in the following information 
technology services:
    1. Web Development, Hosting, & Content Management: Developing and 
designing non-transaction public websites, private or internal 
websites, and web applications. Website hosting to include maintaining 
the servers and html code for public and private

[[Page 17299]]

websites, intranets, and Web applications used on customer websites. 
Offering web content management (WCM) systems to simplify the 
publication of web content and updates to websites and mobile devices, 
subject to the following conditions:
    a. Maintain business recovery plan ensuring uninterrupted 
operations.
    b. Maintain bond/liability insurance appropriate for activity.
    c. Adhere to AICPA audit standards for reporting on controls at a 
service organization.
    d. Annually provide OCCU copy of bond/liability insurance, business 
contingency plans & test results.
    2. Web Authentication & Security Monitoring: Web security and 
monitoring services such as authentication and encryption of passwords 
and other similar techniques for secure member login to intranets, 
extranets, and private websites; host based intrusion protection and 
detection; log monitoring; hacker-safe monitoring programs; and 
configuration and daily administration web security and other similar 
monitoring services, subject to the following conditions:
    a. Comply with the Security Program Requirements--Part 748 of the 
NCUA Rules and Regulations.
    b. Comply with NCUA and FFIEC Guidance for Authentication in an 
internet Banking Environment as applicable.
    c. Maintain bond/liability insurance appropriate for activity.
    d. Adhere to AICPA audit standards for reporting on controls at a 
service organization.
    e. Annually provide OCCU copy of bond/liability insurance, business 
contingency plans & test results.
    3. Software Systems Development/Application Programming Interface 
(API) Development: Designing, coding, testing and updating custom 
software system data programs and other code (e.g., scripts). 
Application Programming Interface (API) development includes 
developing, testing, and updating custom applications which interface 
with other existing systems and applications such as core processing 
systems, subject to the following conditions:
    a. Comply with the Security Program Requirements--Part 748 of the 
NCUA Rules and Regulations.
    b. Conduct independent code review for custom software systems and 
applications.
    c. Adhere to audit standards for third-party service providers.
    d. Maintain source code for custom developed software systems in 
escrow or in similar arrangement.
    4. Secure Collaboration Services: Programs, systems, or sites for 
establishing secure communication channels for private document storage 
and distribution, and dissemination of confidential or sensitive 
information for the purpose of collaboration between authorized 
parties, provided that the corporate CUSO complies with the Security 
Program Requirements--Part 748 of the NCUA Rules and Regulations.
    5. Information Technology (IT) Consulting and Management Services: 
Consulting and management services for IT infrastructure design and 
architecture, system security, administration, support, resource 
management and monitoring. Services include offering Software as a 
Service (SaaS), Infrastructure as a Service (IaaS), Platform as a 
Service (PaaS), and planning and management, and the provisioning of 
hardware and software for business continuity planning to include 
online data backup and recovery services, subject to the following 
conditions:
    a. Comply with the Security Program Requirements--Part 748 and 
Records Preservation Program and Records Retention Appendix--Part 749 
of the NCUA Rules and Regulations.
    b. Maintain bond/liability insurance appropriate for activity.
    c. Annually provide OCCU copy of bond/liability insurance, vendor 
due diligence reports, security program, business contingency plans & 
test results.
    A corporate credit union may engage in the following investment/ALM 
services:
    1. Asset Liability Management (ALM) Consulting, Advisory, and 
Reporting Services: Consulting, advisory, and reporting services for 
balance sheet and interest rate risk management. This includes ALM 
interest rate risk modeling, measurement, and reporting; ALM model 
validation services; consulting services for ALM policy development, 
core deposit studies, lending pool analysis and valuations, and other 
similar services.

[FR Doc. 2020-03837 Filed 3-26-20; 8:45 am]
BILLING CODE 7535-01-P