Corporate Credit Unions, 17288-17299 [2020-03837]
Download as PDF
<![CDATA[
17288
Proposed Rules
Federal Register
Vol. 85, No. 60
Friday, March 27, 2020
This section of the FEDERAL REGISTER
contains notices to the public of the proposed
issuance of rules and regulations. The
purpose of these notices is to give interested
persons an opportunity to participate in the
rule making prior to the adoption of the final
rules.
NATIONAL CREDIT UNION
ADMINISTRATION
12 CFR Part 704
RIN 3133–AF13
Corporate Credit Unions
National Credit Union
Administration (NCUA).
ACTION: Proposed rule.
AGENCY:
The NCUA Board (Board) is
seeking comment on a proposed rule
that would amend the NCUA’s
corporate credit union regulation. The
proposed rule would update, clarify,
and simplify several provisions of the
NCUA’s corporate credit union
regulation, including: Permitting a
corporate credit union to make a
minimal investment in a credit union
service organization (CUSO) without the
CUSO being classified as a corporate
CUSO under the NCUA’s rules;
expanding the categories of senior staff
positions at member credit unions
eligible to serve on a corporate credit
union’s board; amending the minimum
experience and independence
requirement for a corporate credit
union’s enterprise risk management
expert; and requiring a corporate credit
union to deduct certain investments in
subordinated debt instruments issued
by natural person credit unions.
DATES: Comments must be received by
May 26, 2020.
ADDRESSES: You may submit written
comments, identified by RIN 3133–
AF13, by any of the following methods
(Please send comments by one method
only):
• Federal eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
• Fax: (703) 518–6319. Include
‘‘[Your Name]—Comments on Proposed
Rule: Corporate Credit Unions’’ in the
transmittal.
• Mail: Address to Gerard Poliquin,
Secretary of the Board, National Credit
Union Administration, 1775 Duke
khammond on DSKJM1Z7X2PROD with PROPOSALS
SUMMARY:
VerDate Sep<11>2014
15:54 Mar 26, 2020
Jkt 250001
Street, Alexandria, Virginia 22314–
3428.
• Hand Delivery/Courier: Same as
mail address.
Public Inspection: You may view all
public comments on the Federal
eRulemaking Portal at https://
www.regulations.gov as submitted,
except for those we cannot post for
technical reasons. The NCUA will not
edit or remove any identifying or
contact information from the public
comments submitted. You may inspect
paper copies of comments in the
NCUA’s law library at 1775 Duke Street,
Alexandria, Virginia 22314, by
appointment weekdays between 9:00
a.m. and 3:00 p.m. To make an
appointment, call (703) 518–6546, or
send an email to OGCMail@ncua.gov.
FOR FURTHER INFORMATION CONTACT:
Policy and Analysis: Robert Dean,
National Supervision Analyst, Office of
National Examinations and Supervision,
(703) 518–6652; Legal: Rachel
Ackmann, Senior Staff Attorney, Office
of General Counsel, (703) 548–2601; or
by mail at National Credit Union
Administration, 1775 Duke Street,
Alexandria, VA 22314.
SUPPLEMENTARY INFORMATION:
I. Introduction
a. Legal Authority and Background
The Board is issuing this rule
pursuant to its authority under the
Federal Credit Union Act (FCU Act).1
Under the FCU Act, the NCUA is the
chartering and supervisory authority for
Federal credit unions (FCUs) and the
federal supervisory authority for
federally insured credit unions (FICUs).
The FCU Act grants the NCUA a broad
mandate to issue regulations governing
both FCUs and FICUs. Section 120 of
the FCU Act is a general grant of
regulatory authority and authorizes the
Board to prescribe regulations for the
administration of the FCU Act.2 Section
209 of the FCU Act is a plenary grant
of regulatory authority to the NCUA to
issue regulations necessary or
appropriate to carry out its role as share
insurer for all FICUs.3 The FCU Act also
includes an express grant of authority
for the Board to subject federally
chartered central, or corporate, credit
1 12
U.S.C. 1751 et seq.
U.S.C. 1766(a).
3 12 U.S.C. 1789.
2 12
PO 00000
Frm 00001
Fmt 4702
Sfmt 4702
unions to such rules, regulations, and
orders as the Board deems appropriate.4
Part 704 of the NCUA’s regulations
implements the requirements of the
FCU Act regarding corporate credit
unions.5 In 2010, the Board
comprehensively revised the regulations
governing corporate credit unions to
provide longer-term structural
enhancements to the corporate system
in response to the financial crisis of
2007–2009.6 The provisions of the 2010
rule successfully stabilized the
corporate system and improved
corporate credit unions’ ability to
function and provide services to natural
person credit unions. Since 2010, and as
part of the Board’s continuous
reevaluation of its regulation of
corporate credit unions, the Board has
amended part 704 on several occasions.7
Part 704 was last amended in 2017,
when the Board amended corporate
credit union capital standards to change
the calculation of capital after a
consolidation and to set a retained
earnings ratio target in meeting prompt
corrective action (commonly referred to
as PCA) standards.8
b. Regulatory Review
The NCUA reviews all of its existing
regulations every three years. The
NCUA’s Office of General Counsel
maintains a rolling review schedule that
identifies one-third of its existing
regulations for review each year and
provides notice to the public of those
regulations under review so the public
may have an opportunity to comment.
Part 704 was part of the Office of
General Counsel’s 2019 annual
regulatory review.9 The Board received
several comments on updating part 704
as part of the 2019 annual regulatory
review.
II. Proposed Rule
The Board proposes to update, clarify,
and simplify several provisions of part
704. Specifically, the proposed rule
would: (1) Permit a corporate credit
union to make a minimal investment in
a CUSO without the CUSO being
4 12
U.S.C. 1766(a).
CFR part 704.
6 75 FR 64786 (Oct. 20, 2010).
7 See e.g., 80 FR 25932 (May 6, 2015), 80 FR
57283 (Sept. 23, 2015), and 82 FR 55497 (Nov. 22,
2017).
8 82 FR 55497 (Nov. 22, 2017).
9 See, https://www.ncua.gov/regulationsupervision/rules-regulations/regulatory-review.
5 12
E:\FR\FM\27MRP1.SGM
27MRP1
Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules
khammond on DSKJM1Z7X2PROD with PROPOSALS
classified as a corporate CUSO and
subject to heightened NCUA oversight;
(2) expand the categories of senior staff
positions at member credit unions
eligible to serve on a corporate credit
union’s board; (3) remove the
experience and independence
requirement for a corporate credit
union’s enterprise risk management
expert; (4) clarify the treatment of an
investment in a subordinated debt
instrument of a natural person credit
union; (5) codify the current list of
permissible activities for a corporate
CUSO; (6) clarify the definition of a
collateralized debt obligation; and (7)
simplify the requirement for net interest
income modeling. Each proposed
change is discussed in detail below.
A. Minimal Investment in Natural
Person CUSOs
Part 704 includes specific regulations
for a corporate credit union’s
investment and lending activity and
permits a corporate credit union to
invest in and lend to a corporate CUSO.
A corporate CUSO is defined as an
entity that is at least partly owned by a
corporate credit union; primarily serves
credit unions; restricts its services to
those related to the normal course of
business of credit unions; 10 and is
structured as a corporation, limited
liability company, or limited
partnership under state law.11
Similar to natural person credit union
service organizations (NP CUSOs), the
Board cannot regulate corporate CUSOs
directly, but it can, for safety and
soundness reasons, regulate the types of
investments that corporate credit unions
make and whether a corporate credit
union may invest in a CUSO. Part 704
includes several prudential
requirements to ensure corporate credit
union investment in and lending to
corporate CUSOs is safe and sound. For
example, part 704 regulates aggregate
corporate credit union investment in
and lending to corporate CUSOs. Part
704 also includes customer base
requirements, permissible activities,
accounting and audit standards, and
requires NCUA access to corporate
CUSO facilities, books, and records. In
general, many of the prudential
standards for corporate CUSOs are more
restrictive than the standards for NP
CUSOs.12 The Board has historically
10 See,
12 CFR 704.11(e).
CFR 704.11(a).
12 For example, the permissible activities for a
corporate CUSO are more limited than the
permissible activities for a NP CUSO. A corporate
CUSO may seek Board permission to engage in
additional activities, but the process can be
burdensome. In addition, corporate CUSOs are also
subject to more rigorous NCUA oversight. A
11 12
VerDate Sep<11>2014
15:54 Mar 26, 2020
Jkt 250001
imposed more restrictive standards for
corporate CUSOs as they may serve
hundreds or even thousands of natural
person credit unions and pose unique
systemic risk.13 Additionally, core
functions of corporate credit unions that
pose systemic risk could be moved to
corporate CUSOs. The Board has
expressed concern that the movement of
these core functions to entities that are
not directly regulated by the NCUA
could increase the systemic risk
associated with corporate CUSOs, and
the Board wants to ensure it has a
degree of oversight and control of these
activities.14
As stated above, a corporate CUSO is
defined as an entity that is at least partly
owned by a corporate credit union;
primarily serves credit unions; restricts
its services to those related to the
normal course of business of credit
unions; and is structured as a
corporation, limited liability company,
or limited partnership under state law.15
The definition is broad and includes no
exception for de minimus, noncontrolling equity investments.
Accordingly, any corporate credit union
equity interest in a CUSO, regardless of
how small a share of the CUSO the
corporate credit union owns, is
sufficient to designate the CUSO as a
corporate CUSO and subject it to
additional requirements under part 704.
The proposed rule would amend the
definition of corporate CUSO so that a
corporate credit union could make a de
minimus, non-controlling investment in
a NP CUSO without the CUSO being
deemed a corporate CUSO. The Board
has reconsidered its position that any
corporate credit union investment in a
CUSO must be subject to enhanced
standards under part 704. The Board
believes that a corporate credit union’s
non-controlling investment would not
pose the same systemic risks to the
credit union system as a controlling
investment. It is unlikely that a
corporate credit union would move its
essential functions into a non-controlled
CUSO.
The Board has also considered the
benefits of permitting corporate credit
corporate CUSO must agree to give the NCUA
complete access to its personnel, facilities,
equipment, books, records, and other
documentation that the NCUA deems pertinent. In
contrast, NP CUSOs must provide the NCUA with
complete access to its books and records and the
ability to review its internal controls, as deemed
necessary by the NCUA. Finally, corporate CUSOs
must provide quarterly financial statements to the
corporate credit union. In contrast, NP CUSOs must
prepare quarterly financial statements, but do not
have to provide the statements to FCUs.
13 74 FR 65210 (Dec. 9, 2009).
14 Id.
15 12 CFR 704.11(a).
PO 00000
Frm 00002
Fmt 4702
Sfmt 4702
17289
unions to make de minimus, noncontrolling investments in NP CUSOs.
Compared to corporate CUSOs, NP
CUSOs are permitted to engage in a
broader range of permissible activities
and services. Consequently, NP CUSOs
are often a source of collaboration and
innovation among FICUs that may result
in the origination of new products and
services. To compete effectively in
today’s technology-based financial
service market, FICUs may need to rely
increasingly on pooling their resources
to fund CUSOs and to build the
necessary infrastructure. The costs for
research and development, acquisition,
implementation, and specialized staff
capable of managing these new
technologies may be prohibitive for all
but a very few of the largest FICUs.
CUSOs may provide the means for
FICUs to collectively address these
challenges and may enable FICUs to
collaboratively develop technologies
that better serve their members.
Without the opportunity to invest in
NP CUSOs, a corporate credit union
may be restricted in its ability to
participate in this process. The Board
believes that by expanding corporate
credit union investment authorities,
while still maintaining necessary
safeguards, corporate credit unions will
be in a better position to participate in
the development of new products and
services. NP CUSOs would also benefit
from a larger pool of potential investors,
which may enable further research and
development during this period of rapid
technological growth.
In addition to amending the definition
of corporate CUSO to permit de
minimus, non-controlling investments
in NP CUSOs, the proposed rule would
also make several conforming
amendments to part 704. The specific
details of the proposed amendments are
discussed below.
§ 704.2 Definitions
Consolidated credit union service
organization. Generally, consolidated
CUSOs are those majority-owned by a
corporate credit union. The proposed
rule would amend the definition of
consolidated CUSO to use the newly
defined term ‘‘CUSO’’ for clarity. Under
the proposed rule, a consolidated CUSO
would mean any CUSO the assets of
which are consolidated with those of
the corporate credit union for purposes
of reporting under Generally Accepted
Accounting Principles (GAAP).
Corporate CUSO. As discussed above,
the proposed rule would amend the
definition of a corporate CUSO. Under
the proposed rule, a CUSO would be
designated as a corporate CUSO only if
one or more corporate credit unions
E:\FR\FM\27MRP1.SGM
27MRP1
17290
Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules
have a controlling interest. A corporate
credit union would be considered to
have a controlling interest if: (1) The
CUSO is consolidated on a corporate
credit union’s balance sheet; (2) a
corporate credit union has the power,
directly or indirectly, to direct the
CUSO’s management or policies; or (3)
a corporate credit union owns 25
percent or more of the CUSO’s
contributed equity, stock, or
membership interests.16 A CUSO would
also be designated as a corporate CUSO
if the aggregate corporate credit union
ownership of all corporates investing in
the CUSO meets or exceeds 50 percent
of the CUSO’s contributed equity, stock,
or membership interests. The Board is
concerned that if several corporate
credit unions have a majority ownership
interest in a CUSO, the CUSO could
present the same risk to the credit union
system as a CUSO that is controlled by
one corporate credit union. If any of
these four conditions are met, then the
CUSO would meet the definition of a
corporate CUSO and be subject to
additional requirements under part 704.
The definition of corporate CUSO
would also be moved to § 704.2 for
consistency with the location of other
definitions in part 704.
Credit Union Service Organization
(CUSO). The proposed rule would
define the term CUSO for purposes of
part 704. Under the proposed rule, a
CUSO would mean both a NP CUSO
under part 712 and a corporate CUSO
under part 704.11. The proposed
definition makes it clear that the term
CUSO applies to both NP CUSOs and
corporate CUSOs unless otherwise
stated. For example, when calculating
tier 1 capital under part 704, a corporate
credit union must deduct, in part,
investments in any ‘‘unconsolidated
CUSO.’’ By using the term ‘‘CUSO,’’
instead of the defined terms ‘‘corporate
CUSO’’ and ‘‘consolidated CUSO,’’ the
proposed rule should be clear that a
corporate credit union must deduct
unconsolidated investments in both a
NP CUSO and a corporate CUSO.
khammond on DSKJM1Z7X2PROD with PROPOSALS
§§ 704.5 Investments, 704.6 Credit
Risk Management, and 704.7 Lending
The proposed rule would remove
references to corporate CUSOs and
instead refer to the general term CUSO
because those provisions would
continue to apply to a corporate credit
union investing in and lending to both
NP CUSOs and corporate CUSOs, as
explained in detail below in the
16 The proposed definition is related to the
definition of control in the Federal Deposit
Insurance Act for notices filed under the Change in
Bank Control Act. 12 U.S.C. 1817(j).
VerDate Sep<11>2014
15:54 Mar 26, 2020
Jkt 250001
discussion of the proposed changes to
§ 704.11.
§ 704.11 Credit Union Service
Organizations (CUSOs)
Under the proposed rule, § 704.11
would be reorganized for clarity,
however, the substantive requirements
for corporate CUSOs would not be
amended. The intent of the
reorganization is to be clear that certain
requirements apply to a corporate credit
union’s investment in or lending to both
NP CUSOs and corporate CUSOs,
certain requirements apply only to NP
CUSOs, and other requirements apply
only to corporate CUSOs.
The proposed rule sets forth the
requirements for all corporate credit
union investments in or lending to
CUSOs. The proposed rule, in
§ 704.11(a), states that the aggregate
investment and lending limits apply
regardless of whether a corporate credit
union’s investment or loan is to a NP
CUSO or a corporate CUSO. The
proposed rule does not amend the
current aggregate limitations on
investments and lending.17 A corporate
credit union that has already invested in
or loaned the maximum permitted
under the current rule would not be
authorized to invest or lend any
additional money. Instead, such a
corporate credit union would have to
reallocate its investments or loans if it
seeks to make any new investments that
are prohibited.
In § 704.11(b), the proposed rule
states that all corporate credit union
loans to CUSOs are subject to due
diligence requirements.18 The proposed
rule, as does the current rule, would
require corporate credit unions to
comply with certain due diligence
requirements from the NCUA’s member
business loans rule before making a loan
to a CUSO. Under the proposed rule,
corporate credit unions would be
subject to the commercial loan policy
and due diligence requirements in the
17 12 CFR 704.11(b). In general, the aggregate of
all investments in corporate CUSOs that a corporate
credit union may make must not exceed 15 percent
of a corporate credit union’s total capital. The
aggregate of all investments in and loans to
corporate CUSOs that a corporate credit union may
make must not exceed 30 percent of a corporate
credit union’s total capital. A corporate credit union
may lend to corporate CUSOs an additional 15
percent of total capital if the loan is collateralized
by assets in which the corporate has a perfected
security interest under state law.
18 12 CFR 704.11(c). The current rule includes a
cross-reference to due diligence requirements in the
member business loan rule. The member business
loan rule, however, was updated in 2015 and the
cross-referenced requirements have been removed.
Accordingly, the proposed rule would update the
cross references to reflect the revised member
business loan rule.
PO 00000
Frm 00003
Fmt 4702
Sfmt 4702
NCUA’s member business loans rule 19
for lending to both NP CUSOs and
corporate CUSOs. The board-approved
policy must ensure corporate credit
union lending activities are performed
in a safe and sound manner by
providing for ongoing control,
measurement, and management of
CUSO lending. The policy should also
include qualifications and experience
requirements for personnel involved in
underwriting, processing, approving,
administering, and collecting loans to
CUSOs. The corporate credit union
must also have a loan approval process,
underwriting standards and risk
management processes commensurate
with the size, scope and complexity of
its CUSO lending. The Board believes
these due diligence requirements are the
minimum requirements necessary to
ensure that corporate credit unions are
engaging in safe and sound lending
practices. The requirements should not
place a new burden on corporate credit
unions because any corporate credit
union that is currently making a loan to
a corporate CUSO should be following
these basic safety and soundness
principles.
In § 704.11(c), the proposed rule
would set forth the regulations
governing corporate credit union
investment in and lending to NP
CUSOs. The proposed rule would state
that corporate credit union investment
in and lending to NP CUSOs are
generally subject to part 712 of this
chapter. The intent of this section is to
be clear that a CUSO is either governed
under part 704 as a corporate CUSO, as
discussed below, or subject to part 712
as a NP CUSO. A corporate credit union
investment in a CUSO of a statechartered natural person credit union
would also be subject to the
requirements in part 712.
In § 704.11(d), the proposed rule, like
the current rule, would include safety
and soundness requirements for
corporate credit union investments in
and loans to corporate CUSOs. In
general, the proposed rule does not
make any substantive changes to the
existing prudential requirements. The
requirements have been reorganized for
clarity and as part of the general
restructuring of § 704.11, but are not
otherwise substantively amended.20
Finally, in § 704.11(e), the proposed
rule would include one new prudential
requirement for corporate credit union
investments in and loans to corporate
CUSOs. The proposed rule states that
19 12
CFR 723.4.
proposed rule would include a few nonsubstantive language changes that are only intended
to streamline the provision and enhance clarity.
20 The
E:\FR\FM\27MRP1.SGM
27MRP1
Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules
any subsidiary of a corporate CUSO
would be automatically designated a
corporate CUSO. The proposed rule also
would provide that all tiers or levels of
a corporate CUSO’s structure are subject
to the requirements for corporate
CUSOs. The Board believes this level of
oversight is necessary for all tiers of a
corporate CUSO because corporate
CUSOs affect not only the health of the
investing corporate credit union, but
also the health of the credit union
system as a whole. Many corporate
CUSOs serve natural person credit
unions directly. As stated previously,
the Board has historically been
concerned that some activities might
migrate from corporate credit unions to
CUSOs and their subsidiaries, and the
Board needs to ensure each layer in the
corporate structure is subject to certain
minimal prudential requirements.
khammond on DSKJM1Z7X2PROD with PROPOSALS
§ 704.19 Disclosure of Executive
Compensation
Section 704.19 currently requires that
each corporate credit union annually
prepare and maintain a document that
discloses the compensation of certain
employees, including compensation
received from a corporate CUSO.21 The
proposal would amend § 704.19 to
require that employee compensation
from either a NP CUSO or a corporate
CUSO must be reported. The Board
notes that under the current rule to
facilitate this disclosure, § 704.11(g)
requires a corporate CUSO to disclose
compensation paid to any employees
that are also employees of a corporate
credit union lending to, or investing in,
the CUSO. This provision places the
burden of disclosure on the corporate
CUSO. The proposed rule, however,
would not include a similar requirement
for NP CUSOs.22 Accordingly, the dual
employee would be required to disclose
his or her compensation from the NP
CUSO for the corporate credit union to
make the required disclosure.
B. Corporate Credit Union Board
Representation
Section 704.14 currently requires that
at least a majority of a corporate credit
union’s board members must serve on
the corporate credit union’s board as a
representative of a member credit
union.23 In addition, any candidate for
a position on the board of a corporate
21 12
CFR 704.19(a).
Board notes, however, that part 712
prohibits officials and senior management
employees, and their immediate family members of
an FCU with an outstanding loan or investment
from receiving any salary, commission, investment
income, or other income or compensation from the
CUSO, either directly or directly. 12 CFR 712.8.
23 12 CFR 704.14.
22 The
VerDate Sep<11>2014
15:54 Mar 26, 2020
Jkt 250001
credit union must hold a senior
management position at a member
credit union and hold that position at
the time he or she is seated on the board
of a corporate credit union. Currently,
only an individual who holds the
position of chief executive officer, chief
financial officer, chief operating officer,
or treasurer/manager at a member credit
union, and will hold that position at the
time he or she is seated on the corporate
credit union board if elected, may seek
election or re-election to the corporate
credit union board.
The proposed rule would expand the
credit union officials eligible to serve on
a corporate credit union board. The
proposed rule would no longer
expressly limit the corporate credit
union board to the above stated
positions and instead would include
any person in a senior staff position at
a member credit union. The proposed
rule would then list the current
positions as examples of senior staff
positions that are eligible to serve on a
corporate credit union board. The
proposed rule also would include two
new positions, chief information officer
and chief risk officer, in the list of
examples of senior staff positions
eligible to serve on a corporate credit
union board.
The Board believes that officials who
hold a senior management position at a
member credit union are qualified
individuals who could offer expertise as
a corporate credit union board member.
Not only would the corporate credit
union members have more flexibility in
choosing board members, but expanding
eligible senior staff positions, such as
chief information officer and chief risk
officer, would widen the range of
expertise on corporate credit union
boards.
C. Enterprise Risk Management
Section 704.21 requires corporate
credit unions to develop and follow an
enterprise risk management policy.24 A
corporate credit union must also
establish an enterprise risk management
committee (ERMC) and include an
independent risk management expert on
the committee. The Board adopted these
requirements in 2011 due to concerns
that corporate credit unions were not
adequately focused on the aggregation of
exposures across entire institutions,
even though the Board believed that
corporate credit unions were adequately
focused on individual risk exposures.25
The current rule includes several
specific requirements regarding the
independent risk management expert on
the committee. The risk management
expert must have at least five years of
experience in identifying, assessing, and
managing risk exposures.26 This
experience must be commensurate with
the size of the corporate credit union
and the complexity of its operations. In
addition, the current rule provides what
constitutes independence. A risk
management expert qualifies as
independent if: (1) The expert reports to
the ERMC and to the corporate credit
union’s board of directors; (2) neither
the expert, nor any immediate family
member of the expert, is supervised by
or has any material business or
professional relationship with the chief
executive officer (CEO) of the corporate
credit union, or anyone directly or
indirectly supervised by the CEO; and
(3) neither the expert, nor any
immediate family member of the expert,
has had any of the previously described
relationships for at least the past three
years.27 The Board specifically included
experience and independence
requirements to ensure the enterprise
risk management expert is adequately
qualified and not influenced by the
operational side of the corporate credit
union.28
The Board, however, no longer
believes that it is necessary for
prescriptive experience requirements
and for the risk management expert to
be independent of the corporate credit
union. The Board believes the corporate
credit union should have more
discretion in choosing an adequate risk
management expert. The Board does not
believe that a prescriptive five-year
experience requirement is necessary.
The Board believes that corporate credit
unions are in the best position to
determine the appropriate level of
experience necessary for the position.
The proposed rule also would permit
the risk management expert to report
directly to the ERMC.
Additionally, the Board believes that
the effectiveness of risk management
practices is driven by a multitude of
factors, to include policies, processes,
and qualified knowledge. Many
corporate credit unions have integrated
their enterprise risk management
function into their business decision
making, and at many corporate credit
unions, internal corporate staff possess
the skills and experience to capably
manage the enterprise risk management
program. By and large, corporate credit
unions have improved their ability to
assess risk and effectively challenge
24 12
26 12
25 76
27 12
CFR 704.21.
FR 23861 (Apr. 29, 2011) and 80 FR 25932
(May 6, 2015).
PO 00000
Frm 00004
Fmt 4702
Sfmt 4702
17291
CFR 704.21(c).
CFR 704.21(d).
28 76 FR 23861 (Apr. 29, 2011).
E:\FR\FM\27MRP1.SGM
27MRP1
17292
Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules
evaluations of risk since the current rule
was first adopted. The proposed rule
would provide the corporate credit
unions flexibility to choose an internal
risk management expert instead of
engaging an outside consultant.
The Board, however, notes that even
though independence is no longer an
explicit requirement, for best enterprise
risk management practices, the expert
should have appropriate stature and
authority to effectively manage and lead
an enterprise risk management program.
The expert must be competent to
analyze risks across the institution and
have the capability to communicate
those risks to the board or ERMC despite
potential influence from the operational
side of the corporate credit union. The
NCUA will evaluate the adequacy of a
corporate credit union’s enterprise risk
management practices through the
supervisory process. Sound risk
management is a cornerstone
responsibility of a credit union’s
leadership; therefore, CAMEL and risk
ratings will incorporate the supervisory
team’s assessment of this area.
Weaknesses in risk management may
result in supervisory actions.
khammond on DSKJM1Z7X2PROD with PROPOSALS
D. Natural Person Credit Union
Subordinated Debt Instruments
The Board recently issued a proposed
rule to permit low-income designated
credit unions, complex credit unions,
and new credit unions to issue
subordinated debt instruments for
purposes of regulatory capital treatment
(subordinated debt NPR).29 If the Board
adopts the proposed rule as final, it
expects additional credit unions to
begin issuing subordinated debt
instruments. Therefore, the Board
believes it is necessary to clarify
whether corporate credit unions may
purchase such instruments and, if so,
the treatment of the investments under
part 704.
This proposed rule would create a
new definition for the term natural
person credit union subordinated debt
instrument. The proposed rule would
define a natural person credit union
subordinated debt instrument as any
debt instrument issued by a natural
person credit union that is subordinate
to all other claims against the credit
union, including the claims of creditors,
shareholders, and either the National
Credit Union Share Insurance Fund
(NCUSIF) or the insurer of a privately
insured credit union. The Board intends
for this definition to include all
29 Available at, https://www.ncua.gov/files/
publications/regulations/proposed-rulesubordinated-debt.pdf (Feb. 7, 2020).
VerDate Sep<11>2014
15:54 Mar 26, 2020
Jkt 250001
instruments issued under the
subordinated debt NPR.
The Board is clarifying that corporate
credit unions may purchase
subordinated debt instruments of
natural person credit unions under a
corporate credit union’s lending
authority. This authority is derived from
their lending authority because
subordinated debt instruments are
issued under a natural person credit
union’s borrowing authority.
Additionally, natural person credit
unions are also permitted to, subject to
various restrictions and limits, purchase
such subordinated debt instruments
from other natural person credit unions
under their lending authority. Treating
the purchase of such subordinated debt
instruments as lending would ensure
consistent treatment between natural
person credit unions and corporate
credit unions. The proposed rule would
not explicitly state that a corporate
credit union may purchase a natural
person credit union subordinate debt
instrument because the Board believes
corporate credit unions’ current lending
authority is currently sufficiently broad
to include purchasing subordinated debt
instruments.
The proposed rule, however, would
require that a corporate credit union
fully deduct the amount of the
subordinated debt instrument from its
tier 1 capital to ensure consistent
treatment between investments in the
capital of other corporate credit unions
and natural person credit unions.
Corporate credit unions are currently
required to deduct from tier 1 capital
any investments in perpetual
contributed capital and nonperpetual
capital accounts that are maintained at
other corporate credit unions.30 The
Board believes that investments in
natural person credit union
subordinated debt instruments should
be treated similarly as such instruments
may qualify as regulatory capital for the
natural person credit union. The Board
is also concerned about systemic risk if
corporate credit unions own a
significant amount of natural person
credit union issued subordinated debt.
Finally, a natural person credit union
subordinated debt instrument would be
in a first loss position, even before the
NCUSIF and any private insurance fund
or entity. Therefore, an involuntary
liquidation of the issuing credit union
would potentially mean large, and likely
total, losses for the holders of those
subordinated obligations. The Board
believes that fully deducting such
instruments from tier 1 capital will
30 See the definition of tier 1 capital in 12 CFR
704.2.
PO 00000
Frm 00005
Fmt 4702
Sfmt 4702
ensure any potential losses do not affect
the capital position of the investing
corporate credit union. This measured
approach strikes the right balance
between providing corporate credit
unions the flexibility to purchase
natural person credit union
subordinated debt instruments and
avoiding undue systemic risk to the
credit union system.
E. Approved Corporate CUSO Activities.
Part 704 does not list the permissible
activities for corporate CUSOs in the
regulatory text of part 704 of the Code
of Federal Regulations, unlike part 712,
which does so for NP CUSOs.31 Instead,
§ 704.11 requires that, generally, a
corporate CUSO must agree that it will
limit its services to brokerage services,
investment advisory services, and other
categories of services as preapproved by
NCUA and published on NCUA’s
website.32 A CUSO that desires to
engage in an activity not preapproved
by NCUA can apply to NCUA for that
approval. To increase transparency and
make it easier for corporate credit
unions to determine if an activity has
previously been determined by the
Board to be permissible, the proposed
rule would replace the permissible
activities list from the NCUA website
with a new appendix to part 704. The
proposed rule would include a new
Appendix D, which would reprint the
current list of permissible activities and
conditions for corporate CUSO
activities. The Board is not proposing
any amendments to the list at this time.
In the future, the Board would make any
additions or changes to the list by
amending Appendix D through a
rulemaking.
F. Definition of Collateralized Debt
Obligation.
Corporate credit unions are prohibited
from purchasing certain overly complex
or leveraged investments, including
collateralized debt obligations
(commonly referred to as CDOs).33
Under the current rule, the term CDO
means a debt security collateralized by
mortgage-backed securities, other assetbacked securities, or corporate
obligations in the form of nonmortgage
loans or debt. The term does not
include: (1) Senior tranches of Re–
REMICs consisting of senior mortgageand asset-backed securities; (2) Any
31 12
CFR 712.5(b).
32 https://www.ncua.gov/regulation-supervision/
corporate-credit-unions/corporate-cuso-activities/
approved-corporate-cuso-activities.
33 The prohibition on purchasing CDOs was
intended to protect corporate credit unions from the
potential for excessive investment losses. 75 FR
64786, 64793 (Oct. 20, 2010).
E:\FR\FM\27MRP1.SGM
27MRP1
Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules
khammond on DSKJM1Z7X2PROD with PROPOSALS
security that is fully guaranteed as to
principal and interest by the U.S.
Government or its agencies or its
sponsored enterprises; or (3) Any
security collateralized by other
securities where all the underlying
securities are fully guaranteed as to
principal and interest by the U.S.
Government or its agencies or its
sponsored enterprises.34 The proposed
rule would amend the definition of CDO
to clarify that the definition includes
both loans and debt securities. The
proposed rule would change the defined
term to ‘‘collateralized loan or debt
obligation,’’ but would not otherwise
amend the definition. The NCUA Board
is aware that there has been confusion
among industry participants concerning
whether collateralized loans meet the
definition and are therefore prohibited.
The Board believes amending the name
of the defined term clarifies the Board’s
intent.
G. Net Interest Income Modeling
Under the current rule, a corporate
credit union must perform net interest
income (NII) modeling to project
earnings in multiple interest rate
environments for a period of no less
than two years.35 NII modeling must, at
minimum, be performed quarterly,
including once on the last day of the
calendar quarter. The proposed rule
would make a change to the timeframe
for NII. Under the proposed rule, a
corporate credit union would not be
required to perform NII modeling for
two years and instead would only be
required to perform modeling for one
year.
The Board is proposing to amend the
requirements for NII given that
corporate credit unions are also subject
to weighted average life (WAL) limits,
which limit asset maturities to less than
two years.36 Under the current rule, a
corporate credit union must test its
financial assets at least quarterly,
including once on the last day of the
calendar quarter, for compliance with
this limitation. If the WAL of a
corporate credit union’s assets exceeds
two years on the testing date, this test
must be calculated at least monthly,
including once on the last day of the
month, until the WAL is below two
years.
The Board believes that NII modeling
performed over a longer period than the
WAL limits for asset maturities is less
useful because the corporate credit
union would also have to estimate what
reinvestments would occur over the
34 12
CFR 704.2.
CFR 704.8(e).
36 12 CFR 704.8(f).
35 12
VerDate Sep<11>2014
15:54 Mar 26, 2020
Jkt 250001
two-year period beyond simply
estimating interest cash flows on assets.
In addition, corporate credit unions
already conduct net economic value
analyses which capture a long-term
view of interest rate risk. The Board
believes that NII modeling over a oneyear period sufficiently captures a
corporate credit union’s short-term
interest rate risk.
III. Request for Comment on the
Proposed Rule
The above proposed changes are
consistent with the Board’s ongoing
efforts to reduce regulatory burden
while assuring that corporate credit
unions operate in a safe and sound
manner. The Board welcomes comment
on all aspects of the proposal. The
Board is particularly interested in
comments on the proposed thresholds
and definitions and is willing to
consider alternatives. The Board is
requesting comment specifically on the
following questions.
1. Is the proposed definition of
corporate CUSO appropriate? Does it
capture the types of corporate credit
union investments most likely to pose
systemic risk to the credit union
system? The Board is willing to consider
amendments to the definition of
corporate CUSO.
2. The proposed definition of a
corporate CUSO states that if a corporate
credit owns 25 percent or more of a
CUSO’s contributed equity, stock, or
membership interests, then the CUSO is
a corporate CUSO. Please comment on
whether 25 percent is an appropriate
threshold for control. Should the Board
consider a higher or lower threshold?
The Board is willing to consider
alternative thresholds for the definition
of corporate CUSO. The Board notes
that for some purposes the Federal
Deposit Insurance Corporation defines
control as low as 10 percent of an
institution’s common stock.
3. How do corporate credit unions
structure their investment in CUSOs? Is
it generally through stock? Contributed
equity? Membership interests? Are there
any types of typical ownership interests
excluded from the corporate CUSO
definition?
4. The proposed rule would not
require NP CUSOs to disclose
compensation paid to any employees
that are also employees of a corporate
credit union lending to, or investing in,
the CUSO. Are corporate credit unions
able to comply with their annual
compensation disclosure without
receiving the information from NP
CUSOs?
5. Instead of requiring a deduction
from capital due to the investment in a
PO 00000
Frm 00006
Fmt 4702
Sfmt 4702
17293
subordinated debt instrument, should
the Board prohibit a corporate credit
union from investing in such an
instrument? Prohibiting an investment
would limit a corporate credit union’s
flexibility, but would further reduce the
potential for systemic risk. Please
discuss the definition of natural person
credit union subordinated debt
instrument. Does it appropriately
capture the subordinated debt
instruments issued by natural person
credit unions that are most likely to
pose systemic risk? The Board is open
to alternative treatments for a corporate
credit union’s investment in
subordinated debt instruments.
6. Would a one-year window for NII
modeling provide credit unions with a
more accurate window to project
earnings? Should the Board consider
other timeframes to balance the
accuracy of projections with the need
for corporate credit unions to
understand its interest rate risk? The
Board is willing to consider alternative
time periods for NII.
VII. Regulatory Procedures
Regulatory Flexibility Act
The Regulatory Flexibility Act (RFA)
generally requires that, in connection
with a notice of proposed rulemaking,
an agency prepare and make available
for public comment an initial regulatory
flexibility analysis that describes the
impact of a proposed rule on small
entities (defined for purposes of the
RFA to include credit unions with
assets less than $100 million).37 A
regulatory flexibility analysis is not
required, however, if the agency
certifies that the rule will not have a
significant economic impact on a
substantial number of small entities and
publishes its certification and a short,
explanatory statement in the Federal
Register together with the rule.
This proposed rule would not have a
significant economic impact on a
substantial number of small entities.
There are no corporate credit unions
under $100 million in assets. Therefore,
the Board certifies that the rule will not
have a significant economic impact on
a substantial number of small entities.
Paperwork Reduction Act
The Paperwork Reduction Act of 1995
(PRA) applies to information collection
requirements in which an agency
creates a new paperwork burden on
regulated entities or modifies an
existing burden. For purposes of the
PRA, a paperwork burden may take the
form of a reporting, recordkeeping, or
37 See
E:\FR\FM\27MRP1.SGM
80 FR 57512 (Sept. 24, 2015).
27MRP1
17294
Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules
third-party disclosure requirement, each
referred to as an information collection.
The NCUA may not conduct or sponsor,
and the respondent is not required to
respond to, an information collection
unless it displays a currently valid
Office of Management and Budget
(OMB) control number.
The proposed rule will amend 12 CFR
part 704, in part, to address minimal
investments by a corporate credit union
in a CUSO without the CUSO being
classified as a corporate CUSO. The
information collection requirements
associated with this provision are
cleared under OMB control number
3133–0129 and there are no other new
information collection requirements
associated with this proposed rule.
Executive Order 13132
Executive Order 13132 encourages
independent regulatory agencies to
consider the impact of their actions on
state and local interests. In adherence to
fundamental federalism principles, the
NCUA, an independent regulatory
agency as defined in 44 U.S.C. 3502(5),
voluntarily complies with the principles
of the executive order. This rulemaking
will not have a substantial direct effect
on the states, on the connection between
the national government and the states,
or on the distribution of power and
responsibilities among the various
levels of government. The NCUA has
determined that this proposal does not
constitute a policy that has federalism
implications for purposes of the
executive order.
Assessment of Federal Regulations and
Policies on Families
The NCUA has determined that this
proposed rule will not affect family
well-being within the meaning of
section 654 of the Treasury and General
Government Appropriations Act, 1999,
Public Law 105–277, 112 Stat. 2681
(1998).
List of Subjects in 12 CFR Part 704
Credit unions, Corporate credit
unions, Reporting and recordkeeping
requirements.
khammond on DSKJM1Z7X2PROD with PROPOSALS
By the National Credit Union
Administration Board on February 20, 2020.
Gerard Poliquin,
Secretary of the Board.
For the reasons discussed above, the
Board proposes to amend 12 CFR part
704, as follows:
PART 704—CORPORATE CREDIT
UNIONS
1. The authority citation for part 704
continues to read as follows:
■
VerDate Sep<11>2014
15:54 Mar 26, 2020
Jkt 250001
Authority: 12 U.S.C. 1766(a), 1781, and
1789.
2. In § 704.2:
a. Revise the definition of
Collateralized Debt Obligation,
Consolidated Credit Union Service
Organization and Tier 1 Capital; and
■ b. Add definitions for Corporate
CUSO, Credit Union Service
Organization (CUSO), and Natural
Person Credit Union Subordinated Debt
Instrument, in alphabetical order, to
read as follows:
■
■
§ 704.2
Definitions.
*
*
*
*
*
Collateralized Debt and Loan
Obligation (CDLO) means a debt
security collateralized by mortgagebacked securities, other asset-backed
securities, or corporate obligations in
the form of nonmortgage loans or debt.
For purposes of Part 704, the term CDLO
does not include:
(1) Senior tranches of Re–REMIC’s
consisting of senior mortgage-and assetbacked securities;
(2) Any security that is fully
guaranteed as to principal and interest
by the U.S. Government or its agencies
or its sponsored enterprises; or
(3) Any security collateralized by
other securities where all the underlying
securities are fully guaranteed as to
principal and interest by the U.S.
Government or its agencies or its
sponsored enterprises.
*
*
*
*
*
Consolidated Credit Union Service
Organization (Consolidated CUSO)
means any CUSO the assets of which are
consolidated with those of the corporate
credit union for purposes of reporting
under Generally Accepted Accounting
Principles (GAAP). Generally,
consolidated CUSOs are majority-owned
CUSOs.
*
*
*
*
*
Corporate CUSO means a CUSO, as
defined in part 712, that:
(1) Is a consolidated CUSO;
(2) A corporate credit union has the
power, directly or indirectly, to direct
the CUSO’s management or policies;
(3) A corporate credit union owns 25
percent or more of the CUSO’s
contributed equity, stock, or
membership interests; or
(4) The aggregate corporate credit
union ownership meets or exceeds 50
percent of the CUSO’s contributed
equity, stock, or membership interests.
Credit union service organization
(CUSO) means both a CUSO under part
712 and a corporate CUSO under part
704.
*
*
*
*
*
Natural Person Credit Union
Subordinated Debt Instrument is any
PO 00000
Frm 00007
Fmt 4702
Sfmt 4702
debt instrument issued by a natural
person credit union that is subordinate
to all other claims against the credit
union, including the claims of creditors,
shareholders, and either the National
Credit Union Share Insurance Fund or
the insurer of a privately insured credit
union.
*
*
*
*
*
Tier 1 capital means the sum of items
in paragraphs (1) and (2) of this
definition from which items in
paragraphs (3) through (7) are deducted:
(1) Retained earnings;
(2) Perpetual contributed capital;
(3) Deduct the amount of the
corporate credit union’s intangible
assets that exceed one half percent of its
moving daily average net assets
(however, the NCUA may direct the
corporate credit union to add back some
of these assets on the NCUA’s own
initiative, or the NCUA’s approval of
petition from the applicable state
regulator or application from the
corporate credit union);
(4) Deduct investments, both equity
and debt, in unconsolidated CUSOs;
(5) Deduct an amount equal to any
PCC or NCA that the corporate credit
union maintains at another corporate
credit union;
(6) Deduct any amount of PCC
received from federally insured credit
unions that causes PCC minus retained
earnings, all divided by moving daily
average net assets, to exceed two
percent when a corporate credit union’s
retained earnings ratio is less than two
and a half percent; and
(7) Deduct any natural person credit
union subordinated debt instrument
held by the corporate credit union.
*
*
*
*
*
■ 3. Revise § 704.5(c)(3) to read as
follows:
§ 704.5
Investments.
*
*
*
*
*
(c) * * *
(1) * * *
(2) * * *
(3) CUSOs, subject to the limitations
of § 704.11;
*
*
*
*
*
■ 4. In § 704.6(c)(2)(vi), remove the
word ‘‘corporate’’ before the word
‘‘CUSO.’’
■ 5. In § 704.7, remove the word
‘‘corporate’’ before the word ‘‘CUSO’’
each place the word appears.
■ 6. In § 704.8(e) replace the phrase ‘‘no
less than 2 years’’ with ‘‘no less than 1
year.’’
■ 7. Revise § 704.11 to read as follows:
§ 704.11 Credit Union Service
Organizations (CUSOs).
(a) Investment and loan limitations.
(1) The aggregate of all investments in
E:\FR\FM\27MRP1.SGM
27MRP1
khammond on DSKJM1Z7X2PROD with PROPOSALS
Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules
member and non-member CUSOs that a
corporate credit union may make must
not exceed 15 percent of a corporate
credit union’s total capital.
(2) The aggregate of all investments in
and loans to member and nonmember
CUSOs a corporate credit union may
make must not exceed 30 percent of a
corporate credit union’s total capital. A
corporate credit union may lend to
member and nonmember CUSOs an
additional 15 percent of total capital if
the loan is collateralized by assets in
which the corporate has a perfected
security interest under state law.
(3) If the limitations in paragraphs
(a)(1) and (a)(2) of this section are
reached or exceeded because of the
profitability of the CUSO and the related
GAAP valuation of the investment
under the equity method without an
additional cash outlay by the corporate,
divestiture is not required. A corporate
credit union may continue to invest up
to the regulatory limit without regard to
the increase in the GAAP valuation
resulting from the CUSO’s profitability.
(b) Due diligence. A corporate credit
union must comply with the
commercial loan policy and due
diligence requirements of § 723.4 of this
chapter for all loans to CUSOs.
(c) Requirements for CUSOs that are
not corporate CUSOs. Corporate credit
union investments in and lending to
CUSOs that are not corporate CUSOs are
subject to part 712 of this chapter,
except that investment and loan
limitations and due diligence
requirements are governed by this
section.
(d) Requirements for Corporate
CUSOs. Corporate credit union
authority to invest in or loan to a
corporate CUSO is limited to that
provided in this section.
(1) Structure. A corporate CUSO must
be structured as a corporation, limited
liability company, or limited
partnership under state law.
(2) Separate entity. (i) A corporate
CUSO must be operated as an entity
separate from a corporate credit union.
(ii) A corporate credit union investing
in or lending to a corporate CUSO must
obtain a written legal opinion that
concludes the corporate CUSO is
organized and operated in a manner that
the corporate credit union will not
reasonably be held liable for the
obligations of the corporate CUSO. This
opinion must address factors that have
led courts to ‘‘pierce the corporate veil,’’
such as inadequate capitalization, lack
of corporate identity, common boards of
directors and employees, control of one
entity over another, and lack of separate
books and records.
VerDate Sep<11>2014
15:54 Mar 26, 2020
Jkt 250001
(3) Permissible activities. (i) A
corporate CUSO must agree to limit its
activities to:
(1) Brokerage services,
(2) Investment advisory services, and
(3) Other categories of activities as
approved in writing by NCUA and as
reflected in Appendix D.
(ii) Once the NCUA has approved an
activity and published that activity on
its website, the NCUA will not remove
that particular activity from the
approved list, or make substantial
changes to the content or description of
that approved activity, except through
the formal rulemaking process.
(4) Compensation Restrictions. An
official of a corporate credit union
which has invested in or loaned to a
corporate CUSO may not receive, either
directly or indirectly, any salary,
commission, investment income, or
other income, compensation, or
consideration from the corporate CUSO.
This prohibition also extends to
immediate family members of officials.
(5) Written Agreement between the
Corporate Credit Union and Corporate
CUSO. Prior to making an investment in
or loan to a corporate CUSO, a corporate
credit union must obtain a written
agreement that the corporate CUSO:
(i) Will follow GAAP;
(ii) Will provide financial statements
to the corporate credit union at least
quarterly;
(iii) Will obtain an annual CPA
opinion audit and provide a copy to the
corporate credit union. A consolidated
CUSO is not required to obtain a
separate annual audit if it is included in
the corporate credit union’s annual
audit;
(iv) Will provide the reports as
required by § 712.3(d)(4) and (5) of this
chapter;
(v) Will not acquire control, directly
or indirectly, of another depository
financial institution or to invest in
shares, stocks, or obligations of an
insurance company, trade association,
liquidity facility, or similar
organization;
(vi) Will allow the auditor, board of
directors, and NCUA complete access to
the CUSO’s personnel, facilities,
equipment, books, records, and any
other documentation that the auditor,
directors, or NCUA deem pertinent;
(vii) Will inform the corporate, at least
quarterly, of all the compensation paid
by the CUSO to its employees who are
also employees of the corporate credit
union; and
(viii) Will comply with all the
requirements of this section.
(e) Subsidiary Restrictions. Any
subsidiary of a corporate CUSO is
automatically designated a corporate
PO 00000
Frm 00008
Fmt 4702
Sfmt 4702
17295
CUSO and subject to all the
requirements of this section. The
requirements of this section apply to all
tiers or levels of a corporate CUSO’s
structure.
■ 8. Revise § 704.14(a)(2) to read as
follows:
§ 704.14
Representation.
*
*
*
*
*
(a) * * *
(1) * * *
(2) Only an individual who currently
holds a senior staff position (e.g.,
position of chief executive officer, chief
financial officer, chief operating officer,
chief information officer, chief risk
officer, treasurer/manager, etc.) at a
member credit union, and will hold that
position at the time he or she is seated
on the corporate credit union board if
elected, may seek election or re-election
to the corporate credit union board;
*
*
*
*
*
■ 9. In § 704.19, remove the word
‘‘corporate’’ before the word ‘‘CUSO’’.
■ 10. In § 704.21, revise paragraph (c)
and remove paragraphs (d) and (e) to
read as follows:
§ 704.21
Enterprise risk management.
*
*
*
*
*
(a) * * *
(b) * * *
(c) The ERMC must include at least
one risk management expert who can
report directly to the board of directors.
The risk management expert’s
experience must be commensurate with
the size of the corporate credit union
and the complexity of its operations.
■ 11. Add Appendix D to read as
follows:
Appendix D: Approved Corporate
CUSO Activities.
Category—Clerical, Professional, &
Management
A corporate CUSO may engage in the
following clerical, professional, and
management activities:
1. Business Consulting Services:
Offering consulting services in support
of business development, strategic
planning, industry analysis, and
operational efficiency.
2. Human Resources Services:
Services addressing human capital
needs, reporting, and management
considerations to include development
of policies, procedures, and employee
manuals.
3. Insurance Brokerage or Agency
Referrals: Making third party insurance
services or products available. This may
include endorsing a product or service,
negotiating group discounts and making
referrals.
E:\FR\FM\27MRP1.SGM
27MRP1
khammond on DSKJM1Z7X2PROD with PROPOSALS
17296
Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules
4. Marketing and Research Services:
Systematically gathering, recording, and
analyzing data about issues relating to
marketing credit union products and
services to identify and assess how
changing elements of the marketing mix
affect member behavior. Producing
reports of research, making
recommendations for marketing
strategies, and other similar market and
research services.
5. Payroll Services: Management of
payroll processing, reporting, and tax
filing;
6. Training Services: Furnishing prepackaged training products, developing
new or customizing existing training
products/modules, and facilitating
education and training of credit union
staff.
7. Audit & Compliance Consulting
Services: Performing, as requested and
agreed upon in predetermined scope
arrangement, audits (internal,
operational, financial, or compliance).
Providing education and consultation
services for developing statutory and
regulatory compliance programs related
to the Bank Secrecy Act, Anti Money
Laundering provision, Office of Foreign
Asset Control, and U.S. Patriot Act.
8. Product Development Services:
Research and development of products
and services specific to the needs of
credit unions and their members/
consumers.
A corporate credit union may engage
in the following currency services:
1. Coin and Currency Services:
Providing replenishment or deposit of
excess coin and cash. This may include
vault cash orders, ATM replenishments,
and other similar services. Coin and
currency services may be offered
through agreement with another
financial institution, direct with the
Federal Reserve, through an armored car
service agreement, or other similar
arrangement.
2. A corporate credit union may only
engage in coin and currency services if
it meets the following conditions:
a. Maintain bond/liability insurance
as appropriate.
b. Annually provide OCCU copy of
bond/liability insurance.
A corporate credit union may engage
in the following data processing
services:
1. Electronic Document Management:
Providing document and record
management systems which may allow
for document archival, reporting, secure
remote access, and similar services.
2. Core processing: Offering a backend system in a service bureau
environment used to process and record
daily transactions, and post updates to
accounts and other financial records.
VerDate Sep<11>2014
15:54 Mar 26, 2020
Jkt 250001
This typically includes deposit, loan
and credit-processing capabilities, with
interfaces to general ledger systems and
reporting tools, and may allow for or
integrate with front-end member access
platforms, subject to the following
conditions:
a. Maintain business recovery plan
ensuring uninterrupted operations.
b. Maintain bond/liability insurance
appropriate for activity.
c. Adhere to AICPA audit standards
for reporting on controls at a service
organization.
d. Annually provide OCCU copy of
bond/liability insurance, business
contingency plans & test results.
A corporate credit union may engage
in the following lending and deposit
services:
1. Business Banking—Consulting and
Turnkey Services: Provide either inhouse, or through turnkey operation,
suite of financial products. Products
may include loan products, risk
monitoring, and consulting services for
business loan, deposit, payment and
cash management products, provided
that the corporate CUSO comply with
the Member Business Loan Regulation—
Part 723 of the NCUA Rules and
Regulations.
2. Business loan origination: Provide
business loan consulting and origination
services. Examples of business loan
origination include commercial real
estate, term loans, lines of credit,
construction, agriculture, SBA loans,
and loan participation servicing and
brokering, provided that the corporate
CUSO comply with the Member
Business Loan Regulation—Part 723 of
the NCUA Rules and Regulations.
3. Business Loan Support Services:
Provide business loan processing and
sales to include pre- and post closing
underwriting, risk monitoring reports,
document preparation, and servicing.
Loan support services may also include
debt collection services and sale of
repossessed collateral.
A corporate credit union may engage
in the following payments and
electronic transaction services:
1. Automated Clearing House (ACH):
Providing services for the receipt,
processing, distribution, and settlement
of electronic credits and debits among
financial institutions for final posting to
business entities, credit unions and
members/consumers. Activities include
receipt of ACH files; file distribution;
receipt and processing of returned items
and notification of change files; offering
and/or processing ACH origination files;
assisting with ACH exceptions and
transaction disputes; providing
settlement of ACH files; and other
PO 00000
Frm 00009
Fmt 4702
Sfmt 4702
similar ACH services, subject to the
following conditions:
a. Restrict CUSO ownership to one
corporate unless approved by NCUA.
b. Comply with NACHA rules.
c. Maintain Business Continuity/
Disaster Recovery plan ensuring
uninterrupted operations.
d. Comply with the Security Program
Requirements—Part 748 to safeguard
consumer information.
e. Maintain bond/liability insurance
as appropriate.
f. Adhere to AICPA audit standards
for reporting on controls at a service
organization.
g. Annually provide OCCU copy of
bond/liability insurance, report on
controls at a service organization,
business continuity plans and test
results.
h. Utilize distributed settlement
model if providing services to other
corporate credit unions.
2. Wire Transfer Services (Domestic
and International): Electronically
transferring funds through the Federal
Reserve Bank, other financial
institution, or other similar third-party
funds transfer agent (i.e., Western
Union, etc.) directly to a domestic or
foreign financial institution or receiving
transfer agent with final credit to
business entities, credit unions, and
member/consumers, subject to the
following conditions:
a. Restrict CUSO ownership to one
corporate unless approved by NCUA.
b. Maintain Business Continuity/
Disaster Recovery plan ensuring
uninterrupted operations.
c. Comply with the Security Program
Requirements—Part 748 to safeguard
consumer information.
d. Comply with NCUA and FFIEC
Guidance for Authentication in an
Internet Banking Environment as
applicable.
e. Prefund transactions prior to
processing.
f. Maintain bond/liability insurance as
appropriate.
g. Adhere to AICPA audit standards
for reporting on controls at a service
organization.
h. Annually provide OCCU copy of
bond/liability insurance, report on
controls at a service organization,
business continuity plans and test
results.
3. Forward Check Collection/Remote
Deposit Capture Services: Offering a
suite of image, electronic, and paper
forward check processing, collection,
clearing, settlement, adjustment, and
reporting services. Deposit processing
may occur as either ‘‘traditional’’ paper
processing, electronic truncation, or
image capture, processing, and
E:\FR\FM\27MRP1.SGM
27MRP1
khammond on DSKJM1Z7X2PROD with PROPOSALS
Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules
transmission of check images from
remote or centralized locations. Remote
deposit capture services may include
branch, teller, merchant, ATM, and
consumer capture, and other similar
forward check collection services.
Activities may include resale of
equipment through negotiated
agreement, bundled services, and
support agreements, subject to the
following conditions:
a. Restrict CUSO ownership to one
corporate unless approved by NCUA.
b. Comply with Federal Reserve
Operating circulars and/or image
clearing house operating agreements.
c. Maintain Business Continuity/
Disaster Recovery plan ensuring
uninterrupted operations.
d. Comply with the Security Program
Requirements—Part 748 to safeguard
consumer information.
e. Comply with NCUA and FFIEC
Guidance for Authentication in an
Internet Banking Environment as
applicable.
f. Maintain bond/liability insurance as
appropriate.
g. Adhere to AICPA audit standards
for reporting on controls at a service
organization.
h. Annually provide OCCU copy of
bond/liability insurance, report on
controls at a service organization,
business continuity plans and test
results.
i. Utilize distributed settlement model
if providing services to other corporate
credit unions.
4. Share Draft (Check) Processing:
Offering inclearing services for the
receipt and processing of share drafts
(checks) either as electronic images or
physical checks received from the
Federal Reserve Bank, image exchange
networks, or through direct presentment
arrangements with other financial
institutions. Services include receipt
and processing of inclearing checks for
file distribution, processing of return
files, adjustments, dispute resolution
assistance, financial settlement of files,
and other similar services, subject to the
following conditions:
a. Restrict CUSO ownership to one
corporate unless approved by NCUA.
b. Comply with Federal Reserve
Operating circulars and/or image
clearing house operating agreements.
c. Maintain Business Continuity/
Disaster Recovery plan ensuring
uninterrupted operations.
d. Comply with the Security Program
Requirements—Part 748 to safeguard
consumer information.
e. Comply with NCUA and FFIEC
Guidance for Authentication in an
Internet Banking Environment as
applicable.
VerDate Sep<11>2014
15:54 Mar 26, 2020
Jkt 250001
f. Maintain bond/liability insurance as
appropriate.
g. Adhere to AICPA audit standards
for reporting on controls at a service
organization.
h. Annually provide OCCU copy of
bond/liability insurance, report on
controls at a service organization,
business continuity plans and test
results.
i. Utilize distributed settlement model
if providing services to other corporate
credit unions.
5. Share Draft, Check Imaging, and
Archival Services: Providing services for
capturing and storing images of physical
share drafts or checks for the purpose of
facilitating forward check collection,
maintaining electronic archives, and
facilitating electronic access to check
images for consumers’ statements,
integration with internet banking
websites, and other similar purposes.
Service may also include creating copies
of archival history to facilitate ‘‘inhouse’’ storage or transfers to new thirdparty service providers, subject to the
following conditions:
a. Restrict CUSO ownership to one
corporate unless approved by NCUA.
b. Comply with Federal Reserve
Operating circulars and/or image
clearing house operating agreements.
c. Maintain Business Continuity/
Disaster Recovery plan ensuring
uninterrupted operations.
d. Comply with the Security Program
Requirements—Part 748 to safeguard
consumer information.
e. Comply with NCUA and FFIEC
Guidance for Authentication in an
internet Banking Environment as
applicable.
f. Maintain bond/liability insurance as
appropriate.
g. Adhere to AICPA audit standards
for reporting on controls at a service
organization.
h. Annually provide OCCU copy of
bond/liability insurance, report on
controls at a service organization,
business continuity plans and test
results.
6. Share Draft Fraud and Risk
Management Services: Offering
complementary services for share draft
processing designed to identify and
prevent checking account fraud and
losses during the share draft clearing
process, subject to the following
conditions:
a. Maintain Business Continuity/
Disaster Recovery plan ensuring
uninterrupted operations.
b. Comply with the Security Program
Requirements—Part 748 to safeguard
consumer information.
c. Maintain bond/liability insurance
as appropriate.
PO 00000
Frm 00010
Fmt 4702
Sfmt 4702
17297
d. Adhere to AICPA audit standards
for reporting on controls at a service
organization.
e. Annually provide OCCU copy of
bond/liability insurance, report on
controls at a service organization,
business continuity plans and test
results.
7. Official Check Services: Offering
business share drafts (checks), official
checks, and money order programs to
include processing, clearing, and
settlement of items, maintaining list of
issued drafts, and providing daily
reports for reconciliation, subject to the
following conditions:
a. Maintain Business Continuity/
Disaster Recovery plan ensuring
uninterrupted operations.
b. Comply with the Security Program
Requirements—Part 748 to safeguard
consumer information.
c. Maintain bond/liability insurance
as appropriate.
d. Adhere to AICPA audit standards
for reporting on controls at a service
organization.
e. Annually provide OCCU copy of
bond/liability insurance, report on
controls at a service organization,
business continuity plans and test
results.
8. Lockbox & Remittance Services:
Providing wholesale or small batch
retail remittance processing services.
Service includes receiving and
processing payments, providing reports
or files of activity, depositing of funds,
and forward collection of items, subject
to the following conditions:
a. Maintain Business Continuity/
Disaster Recovery plan ensuring
uninterrupted operations.
b. Comply with the Security Program
Requirements—Part 748 to safeguard
consumer information.
c. Maintain bond/liability insurance
as appropriate.
d. Adhere to AICPA audit standards
for reporting on controls at a service
organization.
e. Annually provide OCCU copy of
bond/liability insurance, report on
controls at a service organization,
business continuity plans and test
results.
9. Online & Mobile Banking: Offering
internet-based technological services
which may provide real-time, 24/7
access to consumers’ financial
information. This includes the ability to
manage a variety of transactional and
non-transactional activities within and
between accounts which may include
electronic transfers, payments, on-line
loan applications, and other similar
banking activities. Access to accounts
may be through internet web
applications and/or portable electronic
E:\FR\FM\27MRP1.SGM
27MRP1
khammond on DSKJM1Z7X2PROD with PROPOSALS
17298
Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules
devices, subject to the following
conditions:
a. Maintain Business Continuity/
Disaster Recovery plan ensuring
uninterrupted operations.
b. Comply with the Security Program
Requirements—Part 748 to safeguard
consumer information.
c. Comply with NCUA and FFIEC
Guidance for Authentication in an
internet Banking Environment as
applicable.
d. Maintain bond/liability insurance
as appropriate.
e. Adhere to AICPA audit standards
for reporting on controls at a service
organization.
f. Annually provide OCCU copy of
bond/liability insurance, report on
controls at a service organization,
business continuity plans and test
results.
10. Bill Pay and Electronic Bill
Presentment and Payment (EBPP)
Services: Offering services to allow
consumers to send money to a creditor
or vendor to be credited against a
specific account. Bill payments may be
executed electronically, via paper check
or banker’s draft, or other similar
electronic payment means. Services may
also include electronically presenting
bills and/or billing statements, subject
to the following conditions:
a. Maintain Business Continuity/
Disaster Recovery plan ensuring
uninterrupted operations.
b. Comply with the Security Program
Requirements—Part 748 to safeguard
consumer information.
c. Comply with NCUA and FFIEC
Guidance for Authentication in an
internet Banking Environment as
applicable.
d. Maintain bond/liability insurance
as appropriate.
e. Adhere to AICPA audit standards
for reporting on controls at a service
organization.
f. Annually provide OCCU copy of
bond/liability insurance, report on
controls at a service organization,
business continuity plans and test
results.
11. Electronic Statements/Paper
Statements: Providing electronic and
paper delivery of periodic account
statements, subject to the following
conditions:
a. Comply with the Security Program
Requirements—Part 748 to safeguard
consumer information.
b. Comply with NCUA and FFIEC
Guidance for Authentication in an
internet Banking Environment as
applicable.
c. Maintain bond/liability insurance
as appropriate.
VerDate Sep<11>2014
15:54 Mar 26, 2020
Jkt 250001
d. Annually provide OCCU copy of
bond/liability insurance, business
continuity plans and test results.
12. Credit Card, Debit Card, and Gift
or Prepaid Card Program Services:
Offering debit, credit, and gift or
prepaid card programs and processing
to include: access to card networks and
gateways, authorization and settlement
of signature debit transactions,
including settlement of related funds;
fraud monitoring, risk management, and
case support services to include neural
networks and charge-back processing
services; back office card support and
management, reconciliation of daily
settlement and adjustment processing;
card maintenance, issuance, and
transaction reports; card program
project management and
implementation; and other similar
services. Gift or prepaid cards may be
reloadable or non-reloadable, subject to
the following conditions:
a. Maintain Business Continuity/
Disaster Recovery plan ensuring
uninterrupted operations.
b. Maintain bond/liability insurance
as appropriate.
c. Maintain and certify compliance
with current PCI/DSS (Payment Card
Industry/Data Security Standards).
d. Maintain neural network or other
industry standard fraud detection
system.
e. Comply with network processing
agreements and standards.
f. Adhere to AICPA audit standards
for reporting on controls at a service
organization.
g. Annually provide OCCU copy of
bond/liability insurance, business
continuity plans and test results, report
on controls at a service organization,
and PCI/DSS compliance certification.
13. Automated Teller Machine (ATM),
Electronic Funds Transfer (EFT), and
Point of Sale (POS) Services and
Networks: Offering programs that allow
access to a network of EFT terminals
and ATMs to initiate PIN-based debit or
ATM card transactions. ATM services
include utilizing a shared ATM
network, setting up a private ATM
network, monitoring of ATM
connectivity and availability, including
the management of telecom circuits and
modems, assisting with the
implementation of new ATMs, ensuring
data security and integrity, providing
network access, authorization of PIN
transactions completed at ATMs,
including settlement of related funds.
Other services include fraud monitoring
of PIN transactions, adjustment and
dispute resolution processing to include
card blocking, chargeback processing,
related research and other similar
PO 00000
Frm 00011
Fmt 4702
Sfmt 4702
services, subject to the following
conditions:
a. Maintain Business Continuity/
Disaster Recovery plan ensuring
uninterrupted operations.
b. Maintain bond/liability insurance
as appropriate.
c. Maintain and certify compliance
with current PCI/DSS.
d. Maintain neural network or other
industry standard fraud detection
system.
e. Comply with network processing
agreements and standards.
f. Adhere to AICPA audit standards
for reporting on controls at a service
organization.
g. Annually provide OCCU copy of
bond/liability insurance, business
continuity plans and test results, report
on controls at a service organization,
and PCI/DSS compliance certification.
14. Shared Branching Services:
Providing for the sharing of
infrastructure to establish a private,
secure, cooperative processing network
that accepts transactions from members
of participating credit unions. Shared
branching functionality includes
conducting deposits, account balance
inquiries, and check cashing, and
requesting funds transfers, official
checks, or other similar services, subject
to the following conditions:
a. Maintain Business Continuity/
Disaster Recovery plan ensuring
uninterrupted operations.
b. Comply with the Security Program
Requirements—Part 748 to safeguard
consumer information.
c. Comply with NCUA and FFIEC
Guidance for Authentication in an
internet Banking Environment as
applicable.
d. Maintain and certify compliance
with current PCI/DSS network
standards or other similar shared
network security standard, if applicable.
e. Maintain bond/liability insurance
as appropriate.
f. Adhere to AICPA audit standards
for reporting on controls at a service
organization.
g. Annually provide OCCU copy of
bond/liability insurance, business
continuity plans and test results, report
on controls at a service organization,
and PCI/DSS compliance certification, if
applicable.
A corporate credit union may engage
in the following information technology
services:
1. Web Development, Hosting, &
Content Management: Developing and
designing non-transaction public
websites, private or internal websites,
and web applications. Website hosting
to include maintaining the servers and
html code for public and private
E:\FR\FM\27MRP1.SGM
27MRP1
khammond on DSKJM1Z7X2PROD with PROPOSALS
Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 / Proposed Rules
websites, intranets, and Web
applications used on customer websites.
Offering web content management
(WCM) systems to simplify the
publication of web content and updates
to websites and mobile devices, subject
to the following conditions:
a. Maintain business recovery plan
ensuring uninterrupted operations.
b. Maintain bond/liability insurance
appropriate for activity.
c. Adhere to AICPA audit standards
for reporting on controls at a service
organization.
d. Annually provide OCCU copy of
bond/liability insurance, business
contingency plans & test results.
2. Web Authentication & Security
Monitoring: Web security and
monitoring services such as
authentication and encryption of
passwords and other similar techniques
for secure member login to intranets,
extranets, and private websites; host
based intrusion protection and
detection; log monitoring; hacker-safe
monitoring programs; and configuration
and daily administration web security
and other similar monitoring services,
subject to the following conditions:
a. Comply with the Security Program
Requirements—Part 748 of the NCUA
Rules and Regulations.
b. Comply with NCUA and FFIEC
Guidance for Authentication in an
internet Banking Environment as
applicable.
c. Maintain bond/liability insurance
appropriate for activity.
d. Adhere to AICPA audit standards
for reporting on controls at a service
organization.
e. Annually provide OCCU copy of
bond/liability insurance, business
contingency plans & test results.
3. Software Systems Development/
Application Programming Interface
(API) Development: Designing, coding,
testing and updating custom software
system data programs and other code
(e.g., scripts). Application Programming
Interface (API) development includes
developing, testing, and updating
custom applications which interface
with other existing systems and
applications such as core processing
systems, subject to the following
conditions:
a. Comply with the Security Program
Requirements—Part 748 of the NCUA
Rules and Regulations.
b. Conduct independent code review
for custom software systems and
applications.
c. Adhere to audit standards for thirdparty service providers.
d. Maintain source code for custom
developed software systems in escrow
or in similar arrangement.
VerDate Sep<11>2014
15:54 Mar 26, 2020
Jkt 250001
4. Secure Collaboration Services:
Programs, systems, or sites for
establishing secure communication
channels for private document storage
and distribution, and dissemination of
confidential or sensitive information for
the purpose of collaboration between
authorized parties, provided that the
corporate CUSO complies with the
Security Program Requirements—Part
748 of the NCUA Rules and Regulations.
5. Information Technology (IT)
Consulting and Management Services:
Consulting and management services for
IT infrastructure design and
architecture, system security,
administration, support, resource
management and monitoring. Services
include offering Software as a Service
(SaaS), Infrastructure as a Service (IaaS),
Platform as a Service (PaaS), and
planning and management, and the
provisioning of hardware and software
for business continuity planning to
include online data backup and
recovery services, subject to the
following conditions:
a. Comply with the Security Program
Requirements—Part 748 and Records
Preservation Program and Records
Retention Appendix—Part 749 of the
NCUA Rules and Regulations.
b. Maintain bond/liability insurance
appropriate for activity.
c. Annually provide OCCU copy of
bond/liability insurance, vendor due
diligence reports, security program,
business contingency plans & test
results.
A corporate credit union may engage
in the following investment/ALM
services:
1. Asset Liability Management (ALM)
Consulting, Advisory, and Reporting
Services: Consulting, advisory, and
reporting services for balance sheet and
interest rate risk management. This
includes ALM interest rate risk
modeling, measurement, and reporting;
ALM model validation services;
consulting services for ALM policy
development, core deposit studies,
lending pool analysis and valuations,
and other similar services.
[FR Doc. 2020–03837 Filed 3–26–20; 8:45 am]
BILLING CODE 7535–01–P
PO 00000
Frm 00012
Fmt 4702
Sfmt 4702
17299
BUREAU OF CONSUMER FINANCIAL
PROTECTION
12 CFR Part 1006
[Docket No. CFPB–2020–0010]
RIN 3170–AA41
Debt Collection Practices (Regulation
F); Extension of Comment Period
Bureau of Consumer Financial
Protection.
ACTION: Supplemental notice of
proposed rulemaking; extension of
comment period.
AGENCY:
On March 3, 2020, the Bureau
of Consumer Financial Protection
(Bureau) published in the Federal
Register a Supplemental Notice of
Proposed Rulemaking (SNPRM)
requesting comment on the Bureau’s
proposal to amend Regulation F, which
implements the Fair Debt Collection
Practices Act (FDCPA), to require debt
collectors to make certain disclosures
when collecting time-barred debts. The
SNPRM provided a 60-day comment
period that was set to close on May 4,
2020. To allow interested persons more
time to consider and submit their
comments, the Bureau has determined
that an extension of the comment period
until June 5, 2020, is appropriate.
DATES: The comment period for the debt
collection SNPRM published March 3,
2020, at 85 FR 12672, is extended.
Responses to the SNPRM must now be
received on or before June 5, 2020.
ADDRESSES: You may submit comments,
identified by Docket No. CFPB–2020–
0010 or RIN 3170–AA41, by any of the
following methods:
• Federal eRulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
• Email: 2020-NPRM-DebtCollection@
cfpb.gov. Include Docket No. CFPB–
2020–0010 or RIN 3170–AA41 in the
subject line of the email.
• Mail/Hand Delivery/Courier:
Comment Intake, Bureau of Consumer
Financial Protection, 1700 G Street NW,
Washington, DC 20552.
Instructions: The Bureau encourages
the early submission of comments. All
submissions should include the agency
name and docket number or Regulatory
Information Number (RIN) for this
rulemaking. Because paper mail in the
Washington, DC area and at the Bureau
is subject to delay, commenters are
encouraged to submit comments
electronically. In general, all comments
received will be posted without change
to https://www.regulations.gov. In
addition, comments will be available for
public inspection and copying at 1700
SUMMARY:
E:\FR\FM\27MRP1.SGM
27MRP1
]]>Agencies
[Federal Register Volume 85, Number 60 (Friday, March 27, 2020)]
[Proposed Rules]
[Pages 17288-17299]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-03837]
�========================================================================
�Proposed Rules
� Federal Register
�________________________________________________________________________
�
�This section of the FEDERAL REGISTER contains notices to the public of
�the proposed issuance of rules and regulations. The purpose of these
�notices is to give interested persons an opportunity to participate in
�the rule making prior to the adoption of the final rules.
�
�========================================================================
�
��Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 /
Proposed Rules��
[[Page 17288]]
NATIONAL CREDIT UNION ADMINISTRATION
12 CFR Part 704
RIN 3133-AF13
Corporate Credit Unions
AGENCY: National Credit Union Administration (NCUA).
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: The NCUA Board (Board) is seeking comment on a proposed rule
that would amend the NCUA's corporate credit union regulation. The
proposed rule would update, clarify, and simplify several provisions of
the NCUA's corporate credit union regulation, including: Permitting a
corporate credit union to make a minimal investment in a credit union
service organization (CUSO) without the CUSO being classified as a
corporate CUSO under the NCUA's rules; expanding the categories of
senior staff positions at member credit unions eligible to serve on a
corporate credit union's board; amending the minimum experience and
independence requirement for a corporate credit union's enterprise risk
management expert; and requiring a corporate credit union to deduct
certain investments in subordinated debt instruments issued by natural
person credit unions.
DATES: Comments must be received by May 26, 2020.
ADDRESSES: You may submit written comments, identified by RIN 3133-
AF13, by any of the following methods (Please send comments by one
method only):
Federal eRulemaking Portal: https://www.regulations.gov.
Follow the instructions for submitting comments.
Fax: (703) 518-6319. Include ``[Your Name]--Comments on
Proposed Rule: Corporate Credit Unions'' in the transmittal.
Mail: Address to Gerard Poliquin, Secretary of the Board,
National Credit Union Administration, 1775 Duke Street, Alexandria,
Virginia 22314-3428.
Hand Delivery/Courier: Same as mail address.
Public Inspection: You may view all public comments on the Federal
eRulemaking Portal at https://www.regulations.gov as submitted, except
for those we cannot post for technical reasons. The NCUA will not edit
or remove any identifying or contact information from the public
comments submitted. You may inspect paper copies of comments in the
NCUA's law library at 1775 Duke Street, Alexandria, Virginia 22314, by
appointment weekdays between 9:00 a.m. and 3:00 p.m. To make an
appointment, call (703) 518-6546, or send an email to [email protected].
FOR FURTHER INFORMATION CONTACT: Policy and Analysis: Robert Dean,
National Supervision Analyst, Office of National Examinations and
Supervision, (703) 518-6652; Legal: Rachel Ackmann, Senior Staff
Attorney, Office of General Counsel, (703) 548-2601; or by mail at
National Credit Union Administration, 1775 Duke Street, Alexandria, VA
22314.
SUPPLEMENTARY INFORMATION:
I. Introduction
a. Legal Authority and Background
The Board is issuing this rule pursuant to its authority under the
Federal Credit Union Act (FCU Act).\1\ Under the FCU Act, the NCUA is
the chartering and supervisory authority for Federal credit unions
(FCUs) and the federal supervisory authority for federally insured
credit unions (FICUs). The FCU Act grants the NCUA a broad mandate to
issue regulations governing both FCUs and FICUs. Section 120 of the FCU
Act is a general grant of regulatory authority and authorizes the Board
to prescribe regulations for the administration of the FCU Act.\2\
Section 209 of the FCU Act is a plenary grant of regulatory authority
to the NCUA to issue regulations necessary or appropriate to carry out
its role as share insurer for all FICUs.\3\ The FCU Act also includes
an express grant of authority for the Board to subject federally
chartered central, or corporate, credit unions to such rules,
regulations, and orders as the Board deems appropriate.\4\
---------------------------------------------------------------------------
\1\ 12 U.S.C. 1751 et seq.
\2\ 12 U.S.C. 1766(a).
\3\ 12 U.S.C. 1789.
\4\ 12 U.S.C. 1766(a).
---------------------------------------------------------------------------
Part 704 of the NCUA's regulations implements the requirements of
the FCU Act regarding corporate credit unions.\5\ In 2010, the Board
comprehensively revised the regulations governing corporate credit
unions to provide longer-term structural enhancements to the corporate
system in response to the financial crisis of 2007-2009.\6\ The
provisions of the 2010 rule successfully stabilized the corporate
system and improved corporate credit unions' ability to function and
provide services to natural person credit unions. Since 2010, and as
part of the Board's continuous reevaluation of its regulation of
corporate credit unions, the Board has amended part 704 on several
occasions.\7\ Part 704 was last amended in 2017, when the Board amended
corporate credit union capital standards to change the calculation of
capital after a consolidation and to set a retained earnings ratio
target in meeting prompt corrective action (commonly referred to as
PCA) standards.\8\
---------------------------------------------------------------------------
\5\ 12 CFR part 704.
\6\ 75 FR 64786 (Oct. 20, 2010).
\7\ See e.g., 80 FR 25932 (May 6, 2015), 80 FR 57283 (Sept. 23,
2015), and 82 FR 55497 (Nov. 22, 2017).
\8\ 82 FR 55497 (Nov. 22, 2017).
---------------------------------------------------------------------------
b. Regulatory Review
The NCUA reviews all of its existing regulations every three years.
The NCUA's Office of General Counsel maintains a rolling review
schedule that identifies one-third of its existing regulations for
review each year and provides notice to the public of those regulations
under review so the public may have an opportunity to comment. Part 704
was part of the Office of General Counsel's 2019 annual regulatory
review.\9\ The Board received several comments on updating part 704 as
part of the 2019 annual regulatory review.
---------------------------------------------------------------------------
\9\ See, https://www.ncua.gov/regulation-supervision/rules-regulations/regulatory-review.
---------------------------------------------------------------------------
II. Proposed Rule
The Board proposes to update, clarify, and simplify several
provisions of part 704. Specifically, the proposed rule would: (1)
Permit a corporate credit union to make a minimal investment in a CUSO
without the CUSO being
[[Page 17289]]
classified as a corporate CUSO and subject to heightened NCUA
oversight; (2) expand the categories of senior staff positions at
member credit unions eligible to serve on a corporate credit union's
board; (3) remove the experience and independence requirement for a
corporate credit union's enterprise risk management expert; (4) clarify
the treatment of an investment in a subordinated debt instrument of a
natural person credit union; (5) codify the current list of permissible
activities for a corporate CUSO; (6) clarify the definition of a
collateralized debt obligation; and (7) simplify the requirement for
net interest income modeling. Each proposed change is discussed in
detail below.
A. Minimal Investment in Natural Person CUSOs
Part 704 includes specific regulations for a corporate credit
union's investment and lending activity and permits a corporate credit
union to invest in and lend to a corporate CUSO. A corporate CUSO is
defined as an entity that is at least partly owned by a corporate
credit union; primarily serves credit unions; restricts its services to
those related to the normal course of business of credit unions; \10\
and is structured as a corporation, limited liability company, or
limited partnership under state law.\11\
---------------------------------------------------------------------------
\10\ See, 12 CFR 704.11(e).
\11\ 12 CFR 704.11(a).
---------------------------------------------------------------------------
Similar to natural person credit union service organizations (NP
CUSOs), the Board cannot regulate corporate CUSOs directly, but it can,
for safety and soundness reasons, regulate the types of investments
that corporate credit unions make and whether a corporate credit union
may invest in a CUSO. Part 704 includes several prudential requirements
to ensure corporate credit union investment in and lending to corporate
CUSOs is safe and sound. For example, part 704 regulates aggregate
corporate credit union investment in and lending to corporate CUSOs.
Part 704 also includes customer base requirements, permissible
activities, accounting and audit standards, and requires NCUA access to
corporate CUSO facilities, books, and records. In general, many of the
prudential standards for corporate CUSOs are more restrictive than the
standards for NP CUSOs.\12\ The Board has historically imposed more
restrictive standards for corporate CUSOs as they may serve hundreds or
even thousands of natural person credit unions and pose unique systemic
risk.\13\ Additionally, core functions of corporate credit unions that
pose systemic risk could be moved to corporate CUSOs. The Board has
expressed concern that the movement of these core functions to entities
that are not directly regulated by the NCUA could increase the systemic
risk associated with corporate CUSOs, and the Board wants to ensure it
has a degree of oversight and control of these activities.\14\
---------------------------------------------------------------------------
\12\ For example, the permissible activities for a corporate
CUSO are more limited than the permissible activities for a NP CUSO.
A corporate CUSO may seek Board permission to engage in additional
activities, but the process can be burdensome. In addition,
corporate CUSOs are also subject to more rigorous NCUA oversight. A
corporate CUSO must agree to give the NCUA complete access to its
personnel, facilities, equipment, books, records, and other
documentation that the NCUA deems pertinent. In contrast, NP CUSOs
must provide the NCUA with complete access to its books and records
and the ability to review its internal controls, as deemed necessary
by the NCUA. Finally, corporate CUSOs must provide quarterly
financial statements to the corporate credit union. In contrast, NP
CUSOs must prepare quarterly financial statements, but do not have
to provide the statements to FCUs.
\13\ 74 FR 65210 (Dec. 9, 2009).
\14\ Id.
---------------------------------------------------------------------------
As stated above, a corporate CUSO is defined as an entity that is
at least partly owned by a corporate credit union; primarily serves
credit unions; restricts its services to those related to the normal
course of business of credit unions; and is structured as a
corporation, limited liability company, or limited partnership under
state law.\15\ The definition is broad and includes no exception for de
minimus, non-controlling equity investments. Accordingly, any corporate
credit union equity interest in a CUSO, regardless of how small a share
of the CUSO the corporate credit union owns, is sufficient to designate
the CUSO as a corporate CUSO and subject it to additional requirements
under part 704.
---------------------------------------------------------------------------
\15\ 12 CFR 704.11(a).
---------------------------------------------------------------------------
The proposed rule would amend the definition of corporate CUSO so
that a corporate credit union could make a de minimus, non-controlling
investment in a NP CUSO without the CUSO being deemed a corporate CUSO.
The Board has reconsidered its position that any corporate credit union
investment in a CUSO must be subject to enhanced standards under part
704. The Board believes that a corporate credit union's non-controlling
investment would not pose the same systemic risks to the credit union
system as a controlling investment. It is unlikely that a corporate
credit union would move its essential functions into a non-controlled
CUSO.
The Board has also considered the benefits of permitting corporate
credit unions to make de minimus, non-controlling investments in NP
CUSOs. Compared to corporate CUSOs, NP CUSOs are permitted to engage in
a broader range of permissible activities and services. Consequently,
NP CUSOs are often a source of collaboration and innovation among FICUs
that may result in the origination of new products and services. To
compete effectively in today's technology-based financial service
market, FICUs may need to rely increasingly on pooling their resources
to fund CUSOs and to build the necessary infrastructure. The costs for
research and development, acquisition, implementation, and specialized
staff capable of managing these new technologies may be prohibitive for
all but a very few of the largest FICUs. CUSOs may provide the means
for FICUs to collectively address these challenges and may enable FICUs
to collaboratively develop technologies that better serve their
members.
Without the opportunity to invest in NP CUSOs, a corporate credit
union may be restricted in its ability to participate in this process.
The Board believes that by expanding corporate credit union investment
authorities, while still maintaining necessary safeguards, corporate
credit unions will be in a better position to participate in the
development of new products and services. NP CUSOs would also benefit
from a larger pool of potential investors, which may enable further
research and development during this period of rapid technological
growth.
In addition to amending the definition of corporate CUSO to permit
de minimus, non-controlling investments in NP CUSOs, the proposed rule
would also make several conforming amendments to part 704. The specific
details of the proposed amendments are discussed below.
Sec. 704.2 Definitions
Consolidated credit union service organization. Generally,
consolidated CUSOs are those majority-owned by a corporate credit
union. The proposed rule would amend the definition of consolidated
CUSO to use the newly defined term ``CUSO'' for clarity. Under the
proposed rule, a consolidated CUSO would mean any CUSO the assets of
which are consolidated with those of the corporate credit union for
purposes of reporting under Generally Accepted Accounting Principles
(GAAP).
Corporate CUSO. As discussed above, the proposed rule would amend
the definition of a corporate CUSO. Under the proposed rule, a CUSO
would be designated as a corporate CUSO only if one or more corporate
credit unions
[[Page 17290]]
have a controlling interest. A corporate credit union would be
considered to have a controlling interest if: (1) The CUSO is
consolidated on a corporate credit union's balance sheet; (2) a
corporate credit union has the power, directly or indirectly, to direct
the CUSO's management or policies; or (3) a corporate credit union owns
25 percent or more of the CUSO's contributed equity, stock, or
membership interests.\16\ A CUSO would also be designated as a
corporate CUSO if the aggregate corporate credit union ownership of all
corporates investing in the CUSO meets or exceeds 50 percent of the
CUSO's contributed equity, stock, or membership interests. The Board is
concerned that if several corporate credit unions have a majority
ownership interest in a CUSO, the CUSO could present the same risk to
the credit union system as a CUSO that is controlled by one corporate
credit union. If any of these four conditions are met, then the CUSO
would meet the definition of a corporate CUSO and be subject to
additional requirements under part 704. The definition of corporate
CUSO would also be moved to Sec. 704.2 for consistency with the
location of other definitions in part 704.
---------------------------------------------------------------------------
\16\ The proposed definition is related to the definition of
control in the Federal Deposit Insurance Act for notices filed under
the Change in Bank Control Act. 12 U.S.C. 1817(j).
---------------------------------------------------------------------------
Credit Union Service Organization (CUSO). The proposed rule would
define the term CUSO for purposes of part 704. Under the proposed rule,
a CUSO would mean both a NP CUSO under part 712 and a corporate CUSO
under part 704.11. The proposed definition makes it clear that the term
CUSO applies to both NP CUSOs and corporate CUSOs unless otherwise
stated. For example, when calculating tier 1 capital under part 704, a
corporate credit union must deduct, in part, investments in any
``unconsolidated CUSO.'' By using the term ``CUSO,'' instead of the
defined terms ``corporate CUSO'' and ``consolidated CUSO,'' the
proposed rule should be clear that a corporate credit union must deduct
unconsolidated investments in both a NP CUSO and a corporate CUSO.
Sec. Sec. 704.5 Investments, 704.6 Credit Risk Management, and 704.7
Lending
The proposed rule would remove references to corporate CUSOs and
instead refer to the general term CUSO because those provisions would
continue to apply to a corporate credit union investing in and lending
to both NP CUSOs and corporate CUSOs, as explained in detail below in
the discussion of the proposed changes to Sec. 704.11.
Sec. 704.11 Credit Union Service Organizations (CUSOs)
Under the proposed rule, Sec. 704.11 would be reorganized for
clarity, however, the substantive requirements for corporate CUSOs
would not be amended. The intent of the reorganization is to be clear
that certain requirements apply to a corporate credit union's
investment in or lending to both NP CUSOs and corporate CUSOs, certain
requirements apply only to NP CUSOs, and other requirements apply only
to corporate CUSOs.
The proposed rule sets forth the requirements for all corporate
credit union investments in or lending to CUSOs. The proposed rule, in
Sec. 704.11(a), states that the aggregate investment and lending
limits apply regardless of whether a corporate credit union's
investment or loan is to a NP CUSO or a corporate CUSO. The proposed
rule does not amend the current aggregate limitations on investments
and lending.\17\ A corporate credit union that has already invested in
or loaned the maximum permitted under the current rule would not be
authorized to invest or lend any additional money. Instead, such a
corporate credit union would have to reallocate its investments or
loans if it seeks to make any new investments that are prohibited.
---------------------------------------------------------------------------
\17\ 12 CFR 704.11(b). In general, the aggregate of all
investments in corporate CUSOs that a corporate credit union may
make must not exceed 15 percent of a corporate credit union's total
capital. The aggregate of all investments in and loans to corporate
CUSOs that a corporate credit union may make must not exceed 30
percent of a corporate credit union's total capital. A corporate
credit union may lend to corporate CUSOs an additional 15 percent of
total capital if the loan is collateralized by assets in which the
corporate has a perfected security interest under state law.
---------------------------------------------------------------------------
In Sec. 704.11(b), the proposed rule states that all corporate
credit union loans to CUSOs are subject to due diligence
requirements.\18\ The proposed rule, as does the current rule, would
require corporate credit unions to comply with certain due diligence
requirements from the NCUA's member business loans rule before making a
loan to a CUSO. Under the proposed rule, corporate credit unions would
be subject to the commercial loan policy and due diligence requirements
in the NCUA's member business loans rule \19\ for lending to both NP
CUSOs and corporate CUSOs. The board-approved policy must ensure
corporate credit union lending activities are performed in a safe and
sound manner by providing for ongoing control, measurement, and
management of CUSO lending. The policy should also include
qualifications and experience requirements for personnel involved in
underwriting, processing, approving, administering, and collecting
loans to CUSOs. The corporate credit union must also have a loan
approval process, underwriting standards and risk management processes
commensurate with the size, scope and complexity of its CUSO lending.
The Board believes these due diligence requirements are the minimum
requirements necessary to ensure that corporate credit unions are
engaging in safe and sound lending practices. The requirements should
not place a new burden on corporate credit unions because any corporate
credit union that is currently making a loan to a corporate CUSO should
be following these basic safety and soundness principles.
---------------------------------------------------------------------------
\18\ 12 CFR 704.11(c). The current rule includes a cross-
reference to due diligence requirements in the member business loan
rule. The member business loan rule, however, was updated in 2015
and the cross-referenced requirements have been removed.
Accordingly, the proposed rule would update the cross references to
reflect the revised member business loan rule.
\19\ 12 CFR 723.4.
---------------------------------------------------------------------------
In Sec. 704.11(c), the proposed rule would set forth the
regulations governing corporate credit union investment in and lending
to NP CUSOs. The proposed rule would state that corporate credit union
investment in and lending to NP CUSOs are generally subject to part 712
of this chapter. The intent of this section is to be clear that a CUSO
is either governed under part 704 as a corporate CUSO, as discussed
below, or subject to part 712 as a NP CUSO. A corporate credit union
investment in a CUSO of a state-chartered natural person credit union
would also be subject to the requirements in part 712.
In Sec. 704.11(d), the proposed rule, like the current rule, would
include safety and soundness requirements for corporate credit union
investments in and loans to corporate CUSOs. In general, the proposed
rule does not make any substantive changes to the existing prudential
requirements. The requirements have been reorganized for clarity and as
part of the general restructuring of Sec. 704.11, but are not
otherwise substantively amended.\20\
---------------------------------------------------------------------------
\20\ The proposed rule would include a few non-substantive
language changes that are only intended to streamline the provision
and enhance clarity.
---------------------------------------------------------------------------
Finally, in Sec. 704.11(e), the proposed rule would include one
new prudential requirement for corporate credit union investments in
and loans to corporate CUSOs. The proposed rule states that
[[Page 17291]]
any subsidiary of a corporate CUSO would be automatically designated a
corporate CUSO. The proposed rule also would provide that all tiers or
levels of a corporate CUSO's structure are subject to the requirements
for corporate CUSOs. The Board believes this level of oversight is
necessary for all tiers of a corporate CUSO because corporate CUSOs
affect not only the health of the investing corporate credit union, but
also the health of the credit union system as a whole. Many corporate
CUSOs serve natural person credit unions directly. As stated
previously, the Board has historically been concerned that some
activities might migrate from corporate credit unions to CUSOs and
their subsidiaries, and the Board needs to ensure each layer in the
corporate structure is subject to certain minimal prudential
requirements.
Sec. 704.19 Disclosure of Executive Compensation
Section 704.19 currently requires that each corporate credit union
annually prepare and maintain a document that discloses the
compensation of certain employees, including compensation received from
a corporate CUSO.\21\ The proposal would amend Sec. 704.19 to require
that employee compensation from either a NP CUSO or a corporate CUSO
must be reported. The Board notes that under the current rule to
facilitate this disclosure, Sec. 704.11(g) requires a corporate CUSO
to disclose compensation paid to any employees that are also employees
of a corporate credit union lending to, or investing in, the CUSO. This
provision places the burden of disclosure on the corporate CUSO. The
proposed rule, however, would not include a similar requirement for NP
CUSOs.\22\ Accordingly, the dual employee would be required to disclose
his or her compensation from the NP CUSO for the corporate credit union
to make the required disclosure.
---------------------------------------------------------------------------
\21\ 12 CFR 704.19(a).
\22\ The Board notes, however, that part 712 prohibits officials
and senior management employees, and their immediate family members
of an FCU with an outstanding loan or investment from receiving any
salary, commission, investment income, or other income or
compensation from the CUSO, either directly or directly. 12 CFR
712.8.
---------------------------------------------------------------------------
B. Corporate Credit Union Board Representation
Section 704.14 currently requires that at least a majority of a
corporate credit union's board members must serve on the corporate
credit union's board as a representative of a member credit union.\23\
In addition, any candidate for a position on the board of a corporate
credit union must hold a senior management position at a member credit
union and hold that position at the time he or she is seated on the
board of a corporate credit union. Currently, only an individual who
holds the position of chief executive officer, chief financial officer,
chief operating officer, or treasurer/manager at a member credit union,
and will hold that position at the time he or she is seated on the
corporate credit union board if elected, may seek election or re-
election to the corporate credit union board.
---------------------------------------------------------------------------
\23\ 12 CFR 704.14.
---------------------------------------------------------------------------
The proposed rule would expand the credit union officials eligible
to serve on a corporate credit union board. The proposed rule would no
longer expressly limit the corporate credit union board to the above
stated positions and instead would include any person in a senior staff
position at a member credit union. The proposed rule would then list
the current positions as examples of senior staff positions that are
eligible to serve on a corporate credit union board. The proposed rule
also would include two new positions, chief information officer and
chief risk officer, in the list of examples of senior staff positions
eligible to serve on a corporate credit union board.
The Board believes that officials who hold a senior management
position at a member credit union are qualified individuals who could
offer expertise as a corporate credit union board member. Not only
would the corporate credit union members have more flexibility in
choosing board members, but expanding eligible senior staff positions,
such as chief information officer and chief risk officer, would widen
the range of expertise on corporate credit union boards.
C. Enterprise Risk Management
Section 704.21 requires corporate credit unions to develop and
follow an enterprise risk management policy.\24\ A corporate credit
union must also establish an enterprise risk management committee
(ERMC) and include an independent risk management expert on the
committee. The Board adopted these requirements in 2011 due to concerns
that corporate credit unions were not adequately focused on the
aggregation of exposures across entire institutions, even though the
Board believed that corporate credit unions were adequately focused on
individual risk exposures.\25\
---------------------------------------------------------------------------
\24\ 12 CFR 704.21.
\25\ 76 FR 23861 (Apr. 29, 2011) and 80 FR 25932 (May 6, 2015).
---------------------------------------------------------------------------
The current rule includes several specific requirements regarding
the independent risk management expert on the committee. The risk
management expert must have at least five years of experience in
identifying, assessing, and managing risk exposures.\26\ This
experience must be commensurate with the size of the corporate credit
union and the complexity of its operations. In addition, the current
rule provides what constitutes independence. A risk management expert
qualifies as independent if: (1) The expert reports to the ERMC and to
the corporate credit union's board of directors; (2) neither the
expert, nor any immediate family member of the expert, is supervised by
or has any material business or professional relationship with the
chief executive officer (CEO) of the corporate credit union, or anyone
directly or indirectly supervised by the CEO; and (3) neither the
expert, nor any immediate family member of the expert, has had any of
the previously described relationships for at least the past three
years.\27\ The Board specifically included experience and independence
requirements to ensure the enterprise risk management expert is
adequately qualified and not influenced by the operational side of the
corporate credit union.\28\
---------------------------------------------------------------------------
\26\ 12 CFR 704.21(c).
\27\ 12 CFR 704.21(d).
\28\ 76 FR 23861 (Apr. 29, 2011).
---------------------------------------------------------------------------
The Board, however, no longer believes that it is necessary for
prescriptive experience requirements and for the risk management expert
to be independent of the corporate credit union. The Board believes the
corporate credit union should have more discretion in choosing an
adequate risk management expert. The Board does not believe that a
prescriptive five-year experience requirement is necessary. The Board
believes that corporate credit unions are in the best position to
determine the appropriate level of experience necessary for the
position. The proposed rule also would permit the risk management
expert to report directly to the ERMC.
Additionally, the Board believes that the effectiveness of risk
management practices is driven by a multitude of factors, to include
policies, processes, and qualified knowledge. Many corporate credit
unions have integrated their enterprise risk management function into
their business decision making, and at many corporate credit unions,
internal corporate staff possess the skills and experience to capably
manage the enterprise risk management program. By and large, corporate
credit unions have improved their ability to assess risk and
effectively challenge
[[Page 17292]]
evaluations of risk since the current rule was first adopted. The
proposed rule would provide the corporate credit unions flexibility to
choose an internal risk management expert instead of engaging an
outside consultant.
The Board, however, notes that even though independence is no
longer an explicit requirement, for best enterprise risk management
practices, the expert should have appropriate stature and authority to
effectively manage and lead an enterprise risk management program. The
expert must be competent to analyze risks across the institution and
have the capability to communicate those risks to the board or ERMC
despite potential influence from the operational side of the corporate
credit union. The NCUA will evaluate the adequacy of a corporate credit
union's enterprise risk management practices through the supervisory
process. Sound risk management is a cornerstone responsibility of a
credit union's leadership; therefore, CAMEL and risk ratings will
incorporate the supervisory team's assessment of this area. Weaknesses
in risk management may result in supervisory actions.
D. Natural Person Credit Union Subordinated Debt Instruments
The Board recently issued a proposed rule to permit low-income
designated credit unions, complex credit unions, and new credit unions
to issue subordinated debt instruments for purposes of regulatory
capital treatment (subordinated debt NPR).\29\ If the Board adopts the
proposed rule as final, it expects additional credit unions to begin
issuing subordinated debt instruments. Therefore, the Board believes it
is necessary to clarify whether corporate credit unions may purchase
such instruments and, if so, the treatment of the investments under
part 704.
---------------------------------------------------------------------------
\29\ Available at, https://www.ncua.gov/files/publications/regulations/proposed-rule-subordinated-debt.pdf (Feb. 7, 2020).
---------------------------------------------------------------------------
This proposed rule would create a new definition for the term
natural person credit union subordinated debt instrument. The proposed
rule would define a natural person credit union subordinated debt
instrument as any debt instrument issued by a natural person credit
union that is subordinate to all other claims against the credit union,
including the claims of creditors, shareholders, and either the
National Credit Union Share Insurance Fund (NCUSIF) or the insurer of a
privately insured credit union. The Board intends for this definition
to include all instruments issued under the subordinated debt NPR.
The Board is clarifying that corporate credit unions may purchase
subordinated debt instruments of natural person credit unions under a
corporate credit union's lending authority. This authority is derived
from their lending authority because subordinated debt instruments are
issued under a natural person credit union's borrowing authority.
Additionally, natural person credit unions are also permitted to,
subject to various restrictions and limits, purchase such subordinated
debt instruments from other natural person credit unions under their
lending authority. Treating the purchase of such subordinated debt
instruments as lending would ensure consistent treatment between
natural person credit unions and corporate credit unions. The proposed
rule would not explicitly state that a corporate credit union may
purchase a natural person credit union subordinate debt instrument
because the Board believes corporate credit unions' current lending
authority is currently sufficiently broad to include purchasing
subordinated debt instruments.
The proposed rule, however, would require that a corporate credit
union fully deduct the amount of the subordinated debt instrument from
its tier 1 capital to ensure consistent treatment between investments
in the capital of other corporate credit unions and natural person
credit unions. Corporate credit unions are currently required to deduct
from tier 1 capital any investments in perpetual contributed capital
and nonperpetual capital accounts that are maintained at other
corporate credit unions.\30\ The Board believes that investments in
natural person credit union subordinated debt instruments should be
treated similarly as such instruments may qualify as regulatory capital
for the natural person credit union. The Board is also concerned about
systemic risk if corporate credit unions own a significant amount of
natural person credit union issued subordinated debt. Finally, a
natural person credit union subordinated debt instrument would be in a
first loss position, even before the NCUSIF and any private insurance
fund or entity. Therefore, an involuntary liquidation of the issuing
credit union would potentially mean large, and likely total, losses for
the holders of those subordinated obligations. The Board believes that
fully deducting such instruments from tier 1 capital will ensure any
potential losses do not affect the capital position of the investing
corporate credit union. This measured approach strikes the right
balance between providing corporate credit unions the flexibility to
purchase natural person credit union subordinated debt instruments and
avoiding undue systemic risk to the credit union system.
---------------------------------------------------------------------------
\30\ See the definition of tier 1 capital in 12 CFR 704.2.
---------------------------------------------------------------------------
E. Approved Corporate CUSO Activities.
Part 704 does not list the permissible activities for corporate
CUSOs in the regulatory text of part 704 of the Code of Federal
Regulations, unlike part 712, which does so for NP CUSOs.\31\ Instead,
Sec. 704.11 requires that, generally, a corporate CUSO must agree that
it will limit its services to brokerage services, investment advisory
services, and other categories of services as preapproved by NCUA and
published on NCUA's website.\32\ A CUSO that desires to engage in an
activity not preapproved by NCUA can apply to NCUA for that approval.
To increase transparency and make it easier for corporate credit unions
to determine if an activity has previously been determined by the Board
to be permissible, the proposed rule would replace the permissible
activities list from the NCUA website with a new appendix to part 704.
The proposed rule would include a new Appendix D, which would reprint
the current list of permissible activities and conditions for corporate
CUSO activities. The Board is not proposing any amendments to the list
at this time. In the future, the Board would make any additions or
changes to the list by amending Appendix D through a rulemaking.
---------------------------------------------------------------------------
\31\ 12 CFR 712.5(b).
\32\ https://www.ncua.gov/regulation-supervision/corporate-credit-unions/corporate-cuso-activities/approved-corporate-cuso-activities.
---------------------------------------------------------------------------
F. Definition of Collateralized Debt Obligation.
Corporate credit unions are prohibited from purchasing certain
overly complex or leveraged investments, including collateralized debt
obligations (commonly referred to as CDOs).\33\ Under the current rule,
the term CDO means a debt security collateralized by mortgage-backed
securities, other asset-backed securities, or corporate obligations in
the form of nonmortgage loans or debt. The term does not include: (1)
Senior tranches of Re-REMICs consisting of senior mortgage- and asset-
backed securities; (2) Any
[[Page 17293]]
security that is fully guaranteed as to principal and interest by the
U.S. Government or its agencies or its sponsored enterprises; or (3)
Any security collateralized by other securities where all the
underlying securities are fully guaranteed as to principal and interest
by the U.S. Government or its agencies or its sponsored
enterprises.\34\ The proposed rule would amend the definition of CDO to
clarify that the definition includes both loans and debt securities.
The proposed rule would change the defined term to ``collateralized
loan or debt obligation,'' but would not otherwise amend the
definition. The NCUA Board is aware that there has been confusion among
industry participants concerning whether collateralized loans meet the
definition and are therefore prohibited. The Board believes amending
the name of the defined term clarifies the Board's intent.
---------------------------------------------------------------------------
\33\ The prohibition on purchasing CDOs was intended to protect
corporate credit unions from the potential for excessive investment
losses. 75 FR 64786, 64793 (Oct. 20, 2010).
\34\ 12 CFR 704.2.
---------------------------------------------------------------------------
G. Net Interest Income Modeling
Under the current rule, a corporate credit union must perform net
interest income (NII) modeling to project earnings in multiple interest
rate environments for a period of no less than two years.\35\ NII
modeling must, at minimum, be performed quarterly, including once on
the last day of the calendar quarter. The proposed rule would make a
change to the timeframe for NII. Under the proposed rule, a corporate
credit union would not be required to perform NII modeling for two
years and instead would only be required to perform modeling for one
year.
---------------------------------------------------------------------------
\35\ 12 CFR 704.8(e).
---------------------------------------------------------------------------
The Board is proposing to amend the requirements for NII given that
corporate credit unions are also subject to weighted average life (WAL)
limits, which limit asset maturities to less than two years.\36\ Under
the current rule, a corporate credit union must test its financial
assets at least quarterly, including once on the last day of the
calendar quarter, for compliance with this limitation. If the WAL of a
corporate credit union's assets exceeds two years on the testing date,
this test must be calculated at least monthly, including once on the
last day of the month, until the WAL is below two years.
---------------------------------------------------------------------------
\36\ 12 CFR 704.8(f).
---------------------------------------------------------------------------
The Board believes that NII modeling performed over a longer period
than the WAL limits for asset maturities is less useful because the
corporate credit union would also have to estimate what reinvestments
would occur over the two-year period beyond simply estimating interest
cash flows on assets. In addition, corporate credit unions already
conduct net economic value analyses which capture a long-term view of
interest rate risk. The Board believes that NII modeling over a one-
year period sufficiently captures a corporate credit union's short-term
interest rate risk.
III. Request for Comment on the Proposed Rule
The above proposed changes are consistent with the Board's ongoing
efforts to reduce regulatory burden while assuring that corporate
credit unions operate in a safe and sound manner. The Board welcomes
comment on all aspects of the proposal. The Board is particularly
interested in comments on the proposed thresholds and definitions and
is willing to consider alternatives. The Board is requesting comment
specifically on the following questions.
1. Is the proposed definition of corporate CUSO appropriate? Does
it capture the types of corporate credit union investments most likely
to pose systemic risk to the credit union system? The Board is willing
to consider amendments to the definition of corporate CUSO.
2. The proposed definition of a corporate CUSO states that if a
corporate credit owns 25 percent or more of a CUSO's contributed
equity, stock, or membership interests, then the CUSO is a corporate
CUSO. Please comment on whether 25 percent is an appropriate threshold
for control. Should the Board consider a higher or lower threshold? The
Board is willing to consider alternative thresholds for the definition
of corporate CUSO. The Board notes that for some purposes the Federal
Deposit Insurance Corporation defines control as low as 10 percent of
an institution's common stock.
3. How do corporate credit unions structure their investment in
CUSOs? Is it generally through stock? Contributed equity? Membership
interests? Are there any types of typical ownership interests excluded
from the corporate CUSO definition?
4. The proposed rule would not require NP CUSOs to disclose
compensation paid to any employees that are also employees of a
corporate credit union lending to, or investing in, the CUSO. Are
corporate credit unions able to comply with their annual compensation
disclosure without receiving the information from NP CUSOs?
5. Instead of requiring a deduction from capital due to the
investment in a subordinated debt instrument, should the Board prohibit
a corporate credit union from investing in such an instrument?
Prohibiting an investment would limit a corporate credit union's
flexibility, but would further reduce the potential for systemic risk.
Please discuss the definition of natural person credit union
subordinated debt instrument. Does it appropriately capture the
subordinated debt instruments issued by natural person credit unions
that are most likely to pose systemic risk? The Board is open to
alternative treatments for a corporate credit union's investment in
subordinated debt instruments.
6. Would a one-year window for NII modeling provide credit unions
with a more accurate window to project earnings? Should the Board
consider other timeframes to balance the accuracy of projections with
the need for corporate credit unions to understand its interest rate
risk? The Board is willing to consider alternative time periods for
NII.
VII. Regulatory Procedures
Regulatory Flexibility Act
The Regulatory Flexibility Act (RFA) generally requires that, in
connection with a notice of proposed rulemaking, an agency prepare and
make available for public comment an initial regulatory flexibility
analysis that describes the impact of a proposed rule on small entities
(defined for purposes of the RFA to include credit unions with assets
less than $100 million).\37\ A regulatory flexibility analysis is not
required, however, if the agency certifies that the rule will not have
a significant economic impact on a substantial number of small entities
and publishes its certification and a short, explanatory statement in
the Federal Register together with the rule.
---------------------------------------------------------------------------
\37\ See 80 FR 57512 (Sept. 24, 2015).
---------------------------------------------------------------------------
This proposed rule would not have a significant economic impact on
a substantial number of small entities. There are no corporate credit
unions under $100 million in assets. Therefore, the Board certifies
that the rule will not have a significant economic impact on a
substantial number of small entities.
Paperwork Reduction Act
The Paperwork Reduction Act of 1995 (PRA) applies to information
collection requirements in which an agency creates a new paperwork
burden on regulated entities or modifies an existing burden. For
purposes of the PRA, a paperwork burden may take the form of a
reporting, recordkeeping, or
[[Page 17294]]
third-party disclosure requirement, each referred to as an information
collection. The NCUA may not conduct or sponsor, and the respondent is
not required to respond to, an information collection unless it
displays a currently valid Office of Management and Budget (OMB)
control number.
The proposed rule will amend 12 CFR part 704, in part, to address
minimal investments by a corporate credit union in a CUSO without the
CUSO being classified as a corporate CUSO. The information collection
requirements associated with this provision are cleared under OMB
control number 3133-0129 and there are no other new information
collection requirements associated with this proposed rule.
Executive Order 13132
Executive Order 13132 encourages independent regulatory agencies to
consider the impact of their actions on state and local interests. In
adherence to fundamental federalism principles, the NCUA, an
independent regulatory agency as defined in 44 U.S.C. 3502(5),
voluntarily complies with the principles of the executive order. This
rulemaking will not have a substantial direct effect on the states, on
the connection between the national government and the states, or on
the distribution of power and responsibilities among the various levels
of government. The NCUA has determined that this proposal does not
constitute a policy that has federalism implications for purposes of
the executive order.
Assessment of Federal Regulations and Policies on Families
The NCUA has determined that this proposed rule will not affect
family well-being within the meaning of section 654 of the Treasury and
General Government Appropriations Act, 1999, Public Law 105-277, 112
Stat. 2681 (1998).
List of Subjects in 12 CFR Part 704
Credit unions, Corporate credit unions, Reporting and recordkeeping
requirements.
By the National Credit Union Administration Board on February
20, 2020.
Gerard Poliquin,
Secretary of the Board.
For the reasons discussed above, the Board proposes to amend 12 CFR
part 704, as follows:
PART 704--CORPORATE CREDIT UNIONS
0
1. The authority citation for part 704 continues to read as follows:
Authority: 12 U.S.C. 1766(a), 1781, and 1789.
0
2. In Sec. 704.2:
0
a. Revise the definition of Collateralized Debt Obligation,
Consolidated Credit Union Service Organization and Tier 1 Capital; and
0
b. Add definitions for Corporate CUSO, Credit Union Service
Organization (CUSO), and Natural Person Credit Union Subordinated Debt
Instrument, in alphabetical order, to read as follows:
Sec. 704.2 Definitions.
* * * * *
Collateralized Debt and Loan Obligation (CDLO) means a debt
security collateralized by mortgage-backed securities, other asset-
backed securities, or corporate obligations in the form of nonmortgage
loans or debt. For purposes of Part 704, the term CDLO does not
include:
(1) Senior tranches of Re-REMIC's consisting of senior mortgage-and
asset-backed securities;
(2) Any security that is fully guaranteed as to principal and
interest by the U.S. Government or its agencies or its sponsored
enterprises; or
(3) Any security collateralized by other securities where all the
underlying securities are fully guaranteed as to principal and interest
by the U.S. Government or its agencies or its sponsored enterprises.
* * * * *
Consolidated Credit Union Service Organization (Consolidated CUSO)
means any CUSO the assets of which are consolidated with those of the
corporate credit union for purposes of reporting under Generally
Accepted Accounting Principles (GAAP). Generally, consolidated CUSOs
are majority-owned CUSOs.
* * * * *
Corporate CUSO means a CUSO, as defined in part 712, that:
(1) Is a consolidated CUSO;
(2) A corporate credit union has the power, directly or indirectly,
to direct the CUSO's management or policies;
(3) A corporate credit union owns 25 percent or more of the CUSO's
contributed equity, stock, or membership interests; or
(4) The aggregate corporate credit union ownership meets or exceeds
50 percent of the CUSO's contributed equity, stock, or membership
interests.
Credit union service organization (CUSO) means both a CUSO under
part 712 and a corporate CUSO under part 704.
* * * * *
Natural Person Credit Union Subordinated Debt Instrument is any
debt instrument issued by a natural person credit union that is
subordinate to all other claims against the credit union, including the
claims of creditors, shareholders, and either the National Credit Union
Share Insurance Fund or the insurer of a privately insured credit
union.
* * * * *
Tier 1 capital means the sum of items in paragraphs (1) and (2) of
this definition from which items in paragraphs (3) through (7) are
deducted:
(1) Retained earnings;
(2) Perpetual contributed capital;
(3) Deduct the amount of the corporate credit union's intangible
assets that exceed one half percent of its moving daily average net
assets (however, the NCUA may direct the corporate credit union to add
back some of these assets on the NCUA's own initiative, or the NCUA's
approval of petition from the applicable state regulator or application
from the corporate credit union);
(4) Deduct investments, both equity and debt, in unconsolidated
CUSOs;
(5) Deduct an amount equal to any PCC or NCA that the corporate
credit union maintains at another corporate credit union;
(6) Deduct any amount of PCC received from federally insured credit
unions that causes PCC minus retained earnings, all divided by moving
daily average net assets, to exceed two percent when a corporate credit
union's retained earnings ratio is less than two and a half percent;
and
(7) Deduct any natural person credit union subordinated debt
instrument held by the corporate credit union.
* * * * *
0
3. Revise Sec. 704.5(c)(3) to read as follows:
Sec. 704.5 Investments.
* * * * *
(c) * * *
(1) * * *
(2) * * *
(3) CUSOs, subject to the limitations of Sec. 704.11;
* * * * *
0
4. In Sec. 704.6(c)(2)(vi), remove the word ``corporate'' before the
word ``CUSO.''
0
5. In Sec. 704.7, remove the word ``corporate'' before the word
``CUSO'' each place the word appears.
0
6. In Sec. 704.8(e) replace the phrase ``no less than 2 years'' with
``no less than 1 year.''
0
7. Revise Sec. 704.11 to read as follows:
Sec. 704.11 Credit Union Service Organizations (CUSOs).
(a) Investment and loan limitations. (1) The aggregate of all
investments in
[[Page 17295]]
member and non-member CUSOs that a corporate credit union may make must
not exceed 15 percent of a corporate credit union's total capital.
(2) The aggregate of all investments in and loans to member and
nonmember CUSOs a corporate credit union may make must not exceed 30
percent of a corporate credit union's total capital. A corporate credit
union may lend to member and nonmember CUSOs an additional 15 percent
of total capital if the loan is collateralized by assets in which the
corporate has a perfected security interest under state law.
(3) If the limitations in paragraphs (a)(1) and (a)(2) of this
section are reached or exceeded because of the profitability of the
CUSO and the related GAAP valuation of the investment under the equity
method without an additional cash outlay by the corporate, divestiture
is not required. A corporate credit union may continue to invest up to
the regulatory limit without regard to the increase in the GAAP
valuation resulting from the CUSO's profitability.
(b) Due diligence. A corporate credit union must comply with the
commercial loan policy and due diligence requirements of Sec. 723.4 of
this chapter for all loans to CUSOs.
(c) Requirements for CUSOs that are not corporate CUSOs. Corporate
credit union investments in and lending to CUSOs that are not corporate
CUSOs are subject to part 712 of this chapter, except that investment
and loan limitations and due diligence requirements are governed by
this section.
(d) Requirements for Corporate CUSOs. Corporate credit union
authority to invest in or loan to a corporate CUSO is limited to that
provided in this section.
(1) Structure. A corporate CUSO must be structured as a
corporation, limited liability company, or limited partnership under
state law.
(2) Separate entity. (i) A corporate CUSO must be operated as an
entity separate from a corporate credit union.
(ii) A corporate credit union investing in or lending to a
corporate CUSO must obtain a written legal opinion that concludes the
corporate CUSO is organized and operated in a manner that the corporate
credit union will not reasonably be held liable for the obligations of
the corporate CUSO. This opinion must address factors that have led
courts to ``pierce the corporate veil,'' such as inadequate
capitalization, lack of corporate identity, common boards of directors
and employees, control of one entity over another, and lack of separate
books and records.
(3) Permissible activities. (i) A corporate CUSO must agree to
limit its activities to:
(1) Brokerage services,
(2) Investment advisory services, and
(3) Other categories of activities as approved in writing by NCUA
and as reflected in Appendix D.
(ii) Once the NCUA has approved an activity and published that
activity on its website, the NCUA will not remove that particular
activity from the approved list, or make substantial changes to the
content or description of that approved activity, except through the
formal rulemaking process.
(4) Compensation Restrictions. An official of a corporate credit
union which has invested in or loaned to a corporate CUSO may not
receive, either directly or indirectly, any salary, commission,
investment income, or other income, compensation, or consideration from
the corporate CUSO. This prohibition also extends to immediate family
members of officials.
(5) Written Agreement between the Corporate Credit Union and
Corporate CUSO. Prior to making an investment in or loan to a corporate
CUSO, a corporate credit union must obtain a written agreement that the
corporate CUSO:
(i) Will follow GAAP;
(ii) Will provide financial statements to the corporate credit
union at least quarterly;
(iii) Will obtain an annual CPA opinion audit and provide a copy to
the corporate credit union. A consolidated CUSO is not required to
obtain a separate annual audit if it is included in the corporate
credit union's annual audit;
(iv) Will provide the reports as required by Sec. 712.3(d)(4) and
(5) of this chapter;
(v) Will not acquire control, directly or indirectly, of another
depository financial institution or to invest in shares, stocks, or
obligations of an insurance company, trade association, liquidity
facility, or similar organization;
(vi) Will allow the auditor, board of directors, and NCUA complete
access to the CUSO's personnel, facilities, equipment, books, records,
and any other documentation that the auditor, directors, or NCUA deem
pertinent;
(vii) Will inform the corporate, at least quarterly, of all the
compensation paid by the CUSO to its employees who are also employees
of the corporate credit union; and
(viii) Will comply with all the requirements of this section.
(e) Subsidiary Restrictions. Any subsidiary of a corporate CUSO is
automatically designated a corporate CUSO and subject to all the
requirements of this section. The requirements of this section apply to
all tiers or levels of a corporate CUSO's structure.
0
8. Revise Sec. 704.14(a)(2) to read as follows:
Sec. 704.14 Representation.
* * * * *
(a) * * *
(1) * * *
(2) Only an individual who currently holds a senior staff position
(e.g., position of chief executive officer, chief financial officer,
chief operating officer, chief information officer, chief risk officer,
treasurer/manager, etc.) at a member credit union, and will hold that
position at the time he or she is seated on the corporate credit union
board if elected, may seek election or re-election to the corporate
credit union board;
* * * * *
0
9. In Sec. 704.19, remove the word ``corporate'' before the word
``CUSO''.
0
10. In Sec. 704.21, revise paragraph (c) and remove paragraphs (d) and
(e) to read as follows:
Sec. 704.21 Enterprise risk management.
* * * * *
(a) * * *
(b) * * *
(c) The ERMC must include at least one risk management expert who
can report directly to the board of directors. The risk management
expert's experience must be commensurate with the size of the corporate
credit union and the complexity of its operations.
0
11. Add Appendix D to read as follows:
Appendix D: Approved Corporate CUSO Activities.
Category--Clerical, Professional, & Management
A corporate CUSO may engage in the following clerical,
professional, and management activities:
1. Business Consulting Services: Offering consulting services in
support of business development, strategic planning, industry analysis,
and operational efficiency.
2. Human Resources Services: Services addressing human capital
needs, reporting, and management considerations to include development
of policies, procedures, and employee manuals.
3. Insurance Brokerage or Agency Referrals: Making third party
insurance services or products available. This may include endorsing a
product or service, negotiating group discounts and making referrals.
[[Page 17296]]
4. Marketing and Research Services: Systematically gathering,
recording, and analyzing data about issues relating to marketing credit
union products and services to identify and assess how changing
elements of the marketing mix affect member behavior. Producing reports
of research, making recommendations for marketing strategies, and other
similar market and research services.
5. Payroll Services: Management of payroll processing, reporting,
and tax filing;
6. Training Services: Furnishing pre-packaged training products,
developing new or customizing existing training products/modules, and
facilitating education and training of credit union staff.
7. Audit & Compliance Consulting Services: Performing, as requested
and agreed upon in predetermined scope arrangement, audits (internal,
operational, financial, or compliance). Providing education and
consultation services for developing statutory and regulatory
compliance programs related to the Bank Secrecy Act, Anti Money
Laundering provision, Office of Foreign Asset Control, and U.S. Patriot
Act.
8. Product Development Services: Research and development of
products and services specific to the needs of credit unions and their
members/consumers.
A corporate credit union may engage in the following currency
services:
1. Coin and Currency Services: Providing replenishment or deposit
of excess coin and cash. This may include vault cash orders, ATM
replenishments, and other similar services. Coin and currency services
may be offered through agreement with another financial institution,
direct with the Federal Reserve, through an armored car service
agreement, or other similar arrangement.
2. A corporate credit union may only engage in coin and currency
services if it meets the following conditions:
a. Maintain bond/liability insurance as appropriate.
b. Annually provide OCCU copy of bond/liability insurance.
A corporate credit union may engage in the following data
processing services:
1. Electronic Document Management: Providing document and record
management systems which may allow for document archival, reporting,
secure remote access, and similar services.
2. Core processing: Offering a back-end system in a service bureau
environment used to process and record daily transactions, and post
updates to accounts and other financial records. This typically
includes deposit, loan and credit-processing capabilities, with
interfaces to general ledger systems and reporting tools, and may allow
for or integrate with front-end member access platforms, subject to the
following conditions:
a. Maintain business recovery plan ensuring uninterrupted
operations.
b. Maintain bond/liability insurance appropriate for activity.
c. Adhere to AICPA audit standards for reporting on controls at a
service organization.
d. Annually provide OCCU copy of bond/liability insurance, business
contingency plans & test results.
A corporate credit union may engage in the following lending and
deposit services:
1. Business Banking--Consulting and Turnkey Services: Provide
either in-house, or through turnkey operation, suite of financial
products. Products may include loan products, risk monitoring, and
consulting services for business loan, deposit, payment and cash
management products, provided that the corporate CUSO comply with the
Member Business Loan Regulation--Part 723 of the NCUA Rules and
Regulations.
2. Business loan origination: Provide business loan consulting and
origination services. Examples of business loan origination include
commercial real estate, term loans, lines of credit, construction,
agriculture, SBA loans, and loan participation servicing and brokering,
provided that the corporate CUSO comply with the Member Business Loan
Regulation--Part 723 of the NCUA Rules and Regulations.
3. Business Loan Support Services: Provide business loan processing
and sales to include pre- and post closing underwriting, risk
monitoring reports, document preparation, and servicing. Loan support
services may also include debt collection services and sale of
repossessed collateral.
A corporate credit union may engage in the following payments and
electronic transaction services:
1. Automated Clearing House (ACH): Providing services for the
receipt, processing, distribution, and settlement of electronic credits
and debits among financial institutions for final posting to business
entities, credit unions and members/consumers. Activities include
receipt of ACH files; file distribution; receipt and processing of
returned items and notification of change files; offering and/or
processing ACH origination files; assisting with ACH exceptions and
transaction disputes; providing settlement of ACH files; and other
similar ACH services, subject to the following conditions:
a. Restrict CUSO ownership to one corporate unless approved by
NCUA.
b. Comply with NACHA rules.
c. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
d. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
e. Maintain bond/liability insurance as appropriate.
f. Adhere to AICPA audit standards for reporting on controls at a
service organization.
g. Annually provide OCCU copy of bond/liability insurance, report
on controls at a service organization, business continuity plans and
test results.
h. Utilize distributed settlement model if providing services to
other corporate credit unions.
2. Wire Transfer Services (Domestic and International):
Electronically transferring funds through the Federal Reserve Bank,
other financial institution, or other similar third-party funds
transfer agent (i.e., Western Union, etc.) directly to a domestic or
foreign financial institution or receiving transfer agent with final
credit to business entities, credit unions, and member/consumers,
subject to the following conditions:
a. Restrict CUSO ownership to one corporate unless approved by
NCUA.
b. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
c. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
d. Comply with NCUA and FFIEC Guidance for Authentication in an
Internet Banking Environment as applicable.
e. Prefund transactions prior to processing.
f. Maintain bond/liability insurance as appropriate.
g. Adhere to AICPA audit standards for reporting on controls at a
service organization.
h. Annually provide OCCU copy of bond/liability insurance, report
on controls at a service organization, business continuity plans and
test results.
3. Forward Check Collection/Remote Deposit Capture Services:
Offering a suite of image, electronic, and paper forward check
processing, collection, clearing, settlement, adjustment, and reporting
services. Deposit processing may occur as either ``traditional'' paper
processing, electronic truncation, or image capture, processing, and
[[Page 17297]]
transmission of check images from remote or centralized locations.
Remote deposit capture services may include branch, teller, merchant,
ATM, and consumer capture, and other similar forward check collection
services. Activities may include resale of equipment through negotiated
agreement, bundled services, and support agreements, subject to the
following conditions:
a. Restrict CUSO ownership to one corporate unless approved by
NCUA.
b. Comply with Federal Reserve Operating circulars and/or image
clearing house operating agreements.
c. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
d. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
e. Comply with NCUA and FFIEC Guidance for Authentication in an
Internet Banking Environment as applicable.
f. Maintain bond/liability insurance as appropriate.
g. Adhere to AICPA audit standards for reporting on controls at a
service organization.
h. Annually provide OCCU copy of bond/liability insurance, report
on controls at a service organization, business continuity plans and
test results.
i. Utilize distributed settlement model if providing services to
other corporate credit unions.
4. Share Draft (Check) Processing: Offering inclearing services for
the receipt and processing of share drafts (checks) either as
electronic images or physical checks received from the Federal Reserve
Bank, image exchange networks, or through direct presentment
arrangements with other financial institutions. Services include
receipt and processing of inclearing checks for file distribution,
processing of return files, adjustments, dispute resolution assistance,
financial settlement of files, and other similar services, subject to
the following conditions:
a. Restrict CUSO ownership to one corporate unless approved by
NCUA.
b. Comply with Federal Reserve Operating circulars and/or image
clearing house operating agreements.
c. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
d. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
e. Comply with NCUA and FFIEC Guidance for Authentication in an
Internet Banking Environment as applicable.
f. Maintain bond/liability insurance as appropriate.
g. Adhere to AICPA audit standards for reporting on controls at a
service organization.
h. Annually provide OCCU copy of bond/liability insurance, report
on controls at a service organization, business continuity plans and
test results.
i. Utilize distributed settlement model if providing services to
other corporate credit unions.
5. Share Draft, Check Imaging, and Archival Services: Providing
services for capturing and storing images of physical share drafts or
checks for the purpose of facilitating forward check collection,
maintaining electronic archives, and facilitating electronic access to
check images for consumers' statements, integration with internet
banking websites, and other similar purposes. Service may also include
creating copies of archival history to facilitate ``in-house'' storage
or transfers to new third-party service providers, subject to the
following conditions:
a. Restrict CUSO ownership to one corporate unless approved by
NCUA.
b. Comply with Federal Reserve Operating circulars and/or image
clearing house operating agreements.
c. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
d. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
e. Comply with NCUA and FFIEC Guidance for Authentication in an
internet Banking Environment as applicable.
f. Maintain bond/liability insurance as appropriate.
g. Adhere to AICPA audit standards for reporting on controls at a
service organization.
h. Annually provide OCCU copy of bond/liability insurance, report
on controls at a service organization, business continuity plans and
test results.
6. Share Draft Fraud and Risk Management Services: Offering
complementary services for share draft processing designed to identify
and prevent checking account fraud and losses during the share draft
clearing process, subject to the following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
b. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
c. Maintain bond/liability insurance as appropriate.
d. Adhere to AICPA audit standards for reporting on controls at a
service organization.
e. Annually provide OCCU copy of bond/liability insurance, report
on controls at a service organization, business continuity plans and
test results.
7. Official Check Services: Offering business share drafts
(checks), official checks, and money order programs to include
processing, clearing, and settlement of items, maintaining list of
issued drafts, and providing daily reports for reconciliation, subject
to the following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
b. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
c. Maintain bond/liability insurance as appropriate.
d. Adhere to AICPA audit standards for reporting on controls at a
service organization.
e. Annually provide OCCU copy of bond/liability insurance, report
on controls at a service organization, business continuity plans and
test results.
8. Lockbox & Remittance Services: Providing wholesale or small
batch retail remittance processing services. Service includes receiving
and processing payments, providing reports or files of activity,
depositing of funds, and forward collection of items, subject to the
following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
b. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
c. Maintain bond/liability insurance as appropriate.
d. Adhere to AICPA audit standards for reporting on controls at a
service organization.
e. Annually provide OCCU copy of bond/liability insurance, report
on controls at a service organization, business continuity plans and
test results.
9. Online & Mobile Banking: Offering internet-based technological
services which may provide real-time, 24/7 access to consumers'
financial information. This includes the ability to manage a variety of
transactional and non-transactional activities within and between
accounts which may include electronic transfers, payments, on-line loan
applications, and other similar banking activities. Access to accounts
may be through internet web applications and/or portable electronic
[[Page 17298]]
devices, subject to the following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
b. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
c. Comply with NCUA and FFIEC Guidance for Authentication in an
internet Banking Environment as applicable.
d. Maintain bond/liability insurance as appropriate.
e. Adhere to AICPA audit standards for reporting on controls at a
service organization.
f. Annually provide OCCU copy of bond/liability insurance, report
on controls at a service organization, business continuity plans and
test results.
10. Bill Pay and Electronic Bill Presentment and Payment (EBPP)
Services: Offering services to allow consumers to send money to a
creditor or vendor to be credited against a specific account. Bill
payments may be executed electronically, via paper check or banker's
draft, or other similar electronic payment means. Services may also
include electronically presenting bills and/or billing statements,
subject to the following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
b. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
c. Comply with NCUA and FFIEC Guidance for Authentication in an
internet Banking Environment as applicable.
d. Maintain bond/liability insurance as appropriate.
e. Adhere to AICPA audit standards for reporting on controls at a
service organization.
f. Annually provide OCCU copy of bond/liability insurance, report
on controls at a service organization, business continuity plans and
test results.
11. Electronic Statements/Paper Statements: Providing electronic
and paper delivery of periodic account statements, subject to the
following conditions:
a. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
b. Comply with NCUA and FFIEC Guidance for Authentication in an
internet Banking Environment as applicable.
c. Maintain bond/liability insurance as appropriate.
d. Annually provide OCCU copy of bond/liability insurance, business
continuity plans and test results.
12. Credit Card, Debit Card, and Gift or Prepaid Card Program
Services: Offering debit, credit, and gift or prepaid card programs and
processing to include: access to card networks and gateways,
authorization and settlement of signature debit transactions, including
settlement of related funds; fraud monitoring, risk management, and
case support services to include neural networks and charge-back
processing services; back office card support and management,
reconciliation of daily settlement and adjustment processing; card
maintenance, issuance, and transaction reports; card program project
management and implementation; and other similar services. Gift or
prepaid cards may be reloadable or non-reloadable, subject to the
following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
b. Maintain bond/liability insurance as appropriate.
c. Maintain and certify compliance with current PCI/DSS (Payment
Card Industry/Data Security Standards).
d. Maintain neural network or other industry standard fraud
detection system.
e. Comply with network processing agreements and standards.
f. Adhere to AICPA audit standards for reporting on controls at a
service organization.
g. Annually provide OCCU copy of bond/liability insurance, business
continuity plans and test results, report on controls at a service
organization, and PCI/DSS compliance certification.
13. Automated Teller Machine (ATM), Electronic Funds Transfer
(EFT), and Point of Sale (POS) Services and Networks: Offering programs
that allow access to a network of EFT terminals and ATMs to initiate
PIN-based debit or ATM card transactions. ATM services include
utilizing a shared ATM network, setting up a private ATM network,
monitoring of ATM connectivity and availability, including the
management of telecom circuits and modems, assisting with the
implementation of new ATMs, ensuring data security and integrity,
providing network access, authorization of PIN transactions completed
at ATMs, including settlement of related funds. Other services include
fraud monitoring of PIN transactions, adjustment and dispute resolution
processing to include card blocking, chargeback processing, related
research and other similar services, subject to the following
conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
b. Maintain bond/liability insurance as appropriate.
c. Maintain and certify compliance with current PCI/DSS.
d. Maintain neural network or other industry standard fraud
detection system.
e. Comply with network processing agreements and standards.
f. Adhere to AICPA audit standards for reporting on controls at a
service organization.
g. Annually provide OCCU copy of bond/liability insurance, business
continuity plans and test results, report on controls at a service
organization, and PCI/DSS compliance certification.
14. Shared Branching Services: Providing for the sharing of
infrastructure to establish a private, secure, cooperative processing
network that accepts transactions from members of participating credit
unions. Shared branching functionality includes conducting deposits,
account balance inquiries, and check cashing, and requesting funds
transfers, official checks, or other similar services, subject to the
following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
b. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
c. Comply with NCUA and FFIEC Guidance for Authentication in an
internet Banking Environment as applicable.
d. Maintain and certify compliance with current PCI/DSS network
standards or other similar shared network security standard, if
applicable.
e. Maintain bond/liability insurance as appropriate.
f. Adhere to AICPA audit standards for reporting on controls at a
service organization.
g. Annually provide OCCU copy of bond/liability insurance, business
continuity plans and test results, report on controls at a service
organization, and PCI/DSS compliance certification, if applicable.
A corporate credit union may engage in the following information
technology services:
1. Web Development, Hosting, & Content Management: Developing and
designing non-transaction public websites, private or internal
websites, and web applications. Website hosting to include maintaining
the servers and html code for public and private
[[Page 17299]]
websites, intranets, and Web applications used on customer websites.
Offering web content management (WCM) systems to simplify the
publication of web content and updates to websites and mobile devices,
subject to the following conditions:
a. Maintain business recovery plan ensuring uninterrupted
operations.
b. Maintain bond/liability insurance appropriate for activity.
c. Adhere to AICPA audit standards for reporting on controls at a
service organization.
d. Annually provide OCCU copy of bond/liability insurance, business
contingency plans & test results.
2. Web Authentication & Security Monitoring: Web security and
monitoring services such as authentication and encryption of passwords
and other similar techniques for secure member login to intranets,
extranets, and private websites; host based intrusion protection and
detection; log monitoring; hacker-safe monitoring programs; and
configuration and daily administration web security and other similar
monitoring services, subject to the following conditions:
a. Comply with the Security Program Requirements--Part 748 of the
NCUA Rules and Regulations.
b. Comply with NCUA and FFIEC Guidance for Authentication in an
internet Banking Environment as applicable.
c. Maintain bond/liability insurance appropriate for activity.
d. Adhere to AICPA audit standards for reporting on controls at a
service organization.
e. Annually provide OCCU copy of bond/liability insurance, business
contingency plans & test results.
3. Software Systems Development/Application Programming Interface
(API) Development: Designing, coding, testing and updating custom
software system data programs and other code (e.g., scripts).
Application Programming Interface (API) development includes
developing, testing, and updating custom applications which interface
with other existing systems and applications such as core processing
systems, subject to the following conditions:
a. Comply with the Security Program Requirements--Part 748 of the
NCUA Rules and Regulations.
b. Conduct independent code review for custom software systems and
applications.
c. Adhere to audit standards for third-party service providers.
d. Maintain source code for custom developed software systems in
escrow or in similar arrangement.
4. Secure Collaboration Services: Programs, systems, or sites for
establishing secure communication channels for private document storage
and distribution, and dissemination of confidential or sensitive
information for the purpose of collaboration between authorized
parties, provided that the corporate CUSO complies with the Security
Program Requirements--Part 748 of the NCUA Rules and Regulations.
5. Information Technology (IT) Consulting and Management Services:
Consulting and management services for IT infrastructure design and
architecture, system security, administration, support, resource
management and monitoring. Services include offering Software as a
Service (SaaS), Infrastructure as a Service (IaaS), Platform as a
Service (PaaS), and planning and management, and the provisioning of
hardware and software for business continuity planning to include
online data backup and recovery services, subject to the following
conditions:
a. Comply with the Security Program Requirements--Part 748 and
Records Preservation Program and Records Retention Appendix--Part 749
of the NCUA Rules and Regulations.
b. Maintain bond/liability insurance appropriate for activity.
c. Annually provide OCCU copy of bond/liability insurance, vendor
due diligence reports, security program, business contingency plans &
test results.
A corporate credit union may engage in the following investment/ALM
services:
1. Asset Liability Management (ALM) Consulting, Advisory, and
Reporting Services: Consulting, advisory, and reporting services for
balance sheet and interest rate risk management. This includes ALM
interest rate risk modeling, measurement, and reporting; ALM model
validation services; consulting services for ALM policy development,
core deposit studies, lending pool analysis and valuations, and other
similar services.
[FR Doc. 2020-03837 Filed 3-26-20; 8:45 am]
BILLING CODE 7535-01-P
