Bank activities and operations: Electronic banking,

As Enacted ( Federal Register)

Cited authorities 53

Cited in

[Federal Register: May 17, 2002 (Volume 67, Number 96)]

[Rules and Regulations]

[Page 34992-35006]

From the Federal Register Online via GPO Access [wais.access.gpo.gov]

[DOCID:fr17my02-2]

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

12 CFR Part 7

[Docket No. 02-07]

RIN 1557-AB76

Electronic Activities

AGENCY: Office of the Comptroller of the Currency, Treasury.

ACTION: Final rule.

SUMMARY: The Office of the Comptroller of the Currency (OCC) is amending its regulations in order to facilitate national banks' ability to conduct business using electronic technologies, consistent with safety and soundness. This final rule groups together new and revised regulations addressing: national banks' exercise of their Federally authorized powers through electronic means; the location, for purposes of the Federal banking laws, of a national bank that engages in activities through electronic means; and the disclosures required when a national bank provides its customers with access to other service providers through hyperlinks in the bank's website or other shared electronic ``space.''

EFFECTIVE DATE: Section 7.5010 shall take effect on July 1, 2002. All other sections of this final rule shall take effect on June 17, 2002.

FOR FURTHER INFORMATION CONTACT: Heidi M. Thomas, Special Counsel, Legislative and Regulatory Activities, (202) 874-5090; James Gillespie, Assistant Chief Counsel, (202) 874-5200; or Clifford Wilke, Director, Bank Technology, (202) 874-5920.

SUPPLEMENTARY INFORMATION: On July 2, 2001, the OCC published a notice of proposed rulemaking (NPRM) in the Federal Register requesting comments on a proposal to update our regulations to reflect national banks' use of new technologies and to provide simpler, clearer guidance to national banks engaging in electronic activities.\1\ The proposal codified several positions that the OCC has taken previously in published interpretive letters to national banks. The proposal also created a new subpart E to part 7 of the OCC's regulations to house these and other OCC provisions related to the conduct of national bank activities through electronic means.\2\

\1\66 FR 34855 (July 2, 2001).

\2\The OCC notes that it has established a website that contains information relating to electronic banking activities. See http:// www.occ.treas.gov/netbank/netbank.htm. This site includes a listing of opinions, approval letters, supervisory guidance, and other issuances on this subject and provides links to many of the documents listed in this preamble.

Our proposal was the result of a focused review of our regulations with the goal of revising them in ways that would facilitate national banks' use of technology, consistent with safety and soundness. We initiated this review by publishing an advance notice of proposed rulemaking (ANPR).\3\ We developed the proposed rule, in large part, on the comments received on this ANPR.

\3\65 FR 4895 (Feb. 2, 2000).

Description of Proposal, Comments Received, and Final Rule

The OCC received 22 comment letters on the proposal.\4\ These comments include 10 from national banks, bank subsidiaries, and bank holding companies; 5 from financial services trade associations; 4 from credit card banks or lenders; 1 from a State regulatory group; and 2 from other interested parties. The majority of commenters supported adoption of an electronic banking regulation in the form we proposed.

\4\The OCC received four other letters commenting on a study of banking regulations regarding the online delivery of financial services conducted by the Federal banking agencies pursuant to section 729 of the Gramm-Leach-Bliley Act, Pub. L. 106-102, 113 Stat. 1338, 1476 (Nov. 12, 1999) (``GLBA''), codified at 12 U.S.C. 4801.

Some commenters, however, suggested modifications or articulated concerns with certain aspects of this proposal. In light of these comments, we have modified certain provisions of the proposed rule. The most significant comments, and our responses, are discussed in the following section-by-section analysis. As in the preamble to the proposal, this section-by-section description is divided into three categories: national bank powers; ``location'' with respect to the conduct of electronic activities; and, safety and soundness requirements for shared electronic ``space.''

National Bank Powers
1. National Bank Finder Authority (Revised Sec. 7.1002)
  
  As we described in the proposal, the OCC has long permitted a national bank to act as a finder to bring together buyers and sellers of financial and non-financial products and services. Under our current rules, a national bank acting as a finder may identify potential parties, make inquiries as to interest, introduce or arrange meetings of interested parties, and otherwise bring parties together for a transaction that the parties themselves negotiate and consummate.\5\ Recently, national banks have used the finder authority to engage in new activities made possible by technological developments, especially the Internet.\6\
  
  \5\See 12 CFR 7.1002.
  
  \6\See OCC Conditional Approval No. 369 (Feb. 25, 2000) (national bank may host a virtual mall consisting of a web page with links to third-party merchants arranged according to product or service offered; OCC Interpretive Letter No. 875, reprinted in
  
  [Current Transfer Binder] Fed. Banking L. Rep. (CCH) para. 81-369 (Oct. 31, 1999) (the components of Internet services package that involve hosting of commercial web sites, registering merchants with search engines and obtaining URLs, and electronic storage and retrieval of the data set for a merchant's on-line catalog are permissible finders activities authorized for national banks pursuant to 12 U.S.C. 24(Seventh)); OCC Conditional Approval No. 221 (Dec. 4, 1996) (national banks, in the exercise of their finder authority, may establish hyperlinks between their home pages and the Internet pages of third-party providers so that bank customers will be able to access those non-bank web sites from the bank site); Letter from Julie L. Williams, Chief Counsel (Oct. 2, 1996) (unpublished) (national bank as finder may use electronic means to facilitate contacts between third-party providers and potential buyers); OCC Interpretive Letter No. 611, reprinted in [1992-1993 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 83,449 (Nov. 23, 1992) (national bank linking non-bank service providers to its communications platform of smart phone banking services is within its authority as a finder ``in bringing together a buyer and seller;'' national banks may act as finders by providing to their customers links to non-banking, third-party vendors' Internet web sites); OCC Interpretive Letter No. 516, reprinted in [1990-1991 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 83,220 (July 12, 1990) (national banks as finder may provide electronic communications channels for persons participating in securities transactions).
  
  [[Page 34993]]
  
  Section 7.1002 of the OCC's rules addresses national banks' finder authority. The proposal sought comment on several changes to that provision. First, the proposal stated that it is part of the business of banking for a national bank to engage in finder activities, codifying the position the OCC has taken in various interpretive letters.\7\
  
  \7\See, e.g., OCC Interpretive Letter No. 824, reprinted in
  
  [1997-1998 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 81,273 (Feb. 27, 1998) (determining, in the context of insurance activities, that the ``finder function is an activity authorized for national banks under 12 U.S.C. 24(Seventh) as part of the business of banking.''). The OCC makes this determination pursuant to its authority under section 24(Seventh) to authorize activities as part of the business of banking. NationsBank of North Carolina v. Variable Annuity Life Insurance Co., 513 U.S. 251, 258 n.2 (1995) (VALIC) (``We expressly hold that the ``business of banking'' is not limited to the enumerated powers in [section] 24 Seventh and that the Comptroller therefore has discretion to authorize activities beyond those specifically enumerated.''). In VALIC, the Court noted that the Comptroller's exercise of discretion is subject to a reasonableness standard. Id. It is clear that our determination that finder activities are part of the business of banking satisfies this standard. See Norwest Bank Minnesota, N.A. v. Sween Corp., 118 F.3d 1255, 1260 (8th Cir. 1997) (determining that finder activities were authorized for a national bank because ``allowing banks to use their expertise as an intermediary effectuating transactions between parties facilitates the flow of money and credit through the economy.''). The Sween court did not distinguish between activities that are ``part of'' the business of banking and those that are ``incidental to'' that business, relying, instead, on the pre-VALIC formulation of the analysis as whether an activity is ``closely related to an express power and is useful in carrying out the business of banking.'' Id. at 1260 (quoting First Nat. Bank of Eastern Arkansas v. Taylor, 907 F.2d 775, 778 (8th Cir. 1990)). The court's conclusions are nonetheless clear that finder activities are authorized pursuant to 12 U.S.C. 24(Seventh) and that the Comptroller's determination to that effect, embodied in the OCC's regulations, was a reasonable construction of the statute.
  
  Second, the proposal added a number of specific examples illustrating the range of finder activities the OCC has authorized to date. The preamble to the proposal made clear that this list was illustrative and not exclusive, and that the OCC may find new activities to be authorized under the finder authority that are not specifically enumerated in the regulation.
  
  Finally, the proposed rule modified the statement in the current rule that the authority to act as a finder does not enable a national bank to engage in activities that would characterize the bank as a broker under Federal law that are not otherwise permissible for national banks.\8\ We proposed this modification because the concept of what constitutes acting as a broker is changing in response to technology and is expanding for purposes of some regulatory requirements that are unrelated to the authority of national banks to conduct the activity.\9\ As we said in the proposal, however, this modification does not affect whether activities regulated as brokerage under State law are permissible for a national bank.
  
  \8\The prior rule contained the express statement that acting as a finder does not include activities that would characterize the bank as a broker under applicable Federal law.
  
  \9\See, e.g., ``SEC Redefines What Triggers B/D Registration,'' VII Compliance Rep. 1 (Apr. 10, 2000); and ``On-line Brokerage: Keeping Apace of Cyberspace,'' Report of Laura S. Unger, Commissioner, U.S. Securities and Exchange Commission 98-106 (Nov. 1999).
  
  We received a number of comments on proposed Sec. 7.1002. Some of these comments urged the OCC to include additional activities in the illustrative list of those permissible for a national bank acting as finder. For example, one commenter requested that the OCC authorize national banks, acting as finders, to participate in negotiations, negotiate on behalf of parties to a transaction, and bind parties to a transaction so long as the bank itself is not a party and obligated as a principal. Another commenter requested that the OCC endorse a broad role of banks as electronic agents.
  
  After carefully reviewing these comments, we have declined to make changes to the extent suggested.\10\ Rather, we will consider these, and similar expanded types of finder activities, on a case-by-case basis for the time being.
  
  \10\We note, however, a bank may accept an offer without first communicating the offer to the actual party to the transaction if that party has given direction to the bank to accept offers that meet pre-determined criteria. In that case, the bank is communicating offers and acceptances because it has been directed to make an acceptance by its client.
  
  We have, however, modified the proposal to clarify certain other aspects of the finder authority that do not cause a national bank to be a participant in the transaction. Thus, the final rule provides that a national bank may act as an intermediary between interested parties and establish rules of general applicability governing the use and operation of the finder service.
  
  In response to a commenter's suggestion, we have also changed the reference ``buyers and sellers'' in Sec. 7.1002 to ``interested parties to a transaction'' so that the rule recognizes that national banks can bring together different types of parties to a transaction in addition to buyers and sellers. This commenter noted in particular that in the Internet environment, there may be many parties to a transaction beyond the buyer and seller, such as service providers, consultants, software developers, and regulatory authorities. We agree with this observation. We also note that the definition of buyers and sellers includes analogous parties, such as lessors and lessees. In addition, as the scope of permissible finder activities is not dependent on the nature of goods or services sold, national banks can act as finder with respect to non-financial products and services.\11\ We also have removed the word ``service'' in Sec. 7.1002 to clarify that national banks acting as a finder may make communications concerning a third party's provision of both products and services.
  
  \11\See OCC Corporate Decision No. 97-60 (July 1, 1997).
  
  The preamble to the proposed rule stated that the examples of permissible national bank finder activities were illustrative and not exclusive, and that the OCC may find new activities to be authorized under the finder authority that are not included in the examples. A number of commenters requested that we amend the regulatory text itself to state that these examples are not exhaustive. We agree that making this statement in the text of the regulation itself will remove any ambiguity on this point. Therefore, the final rule includes language indicating that permissible finder activities are not limited to those listed as examples in the regulation. 2. Electronic Banking B--Scope (new Subpart E and Sec. 7.5000)
  
  The proposal created a new Subpart E of part 7, so that regulations pertaining to electronic activities would appear in one place. Proposed Sec. 7.5000 described the purpose of Subpart E, which addresses national banks' use of electronic technology to deliver products and services, consistent with safety and soundness. To more accurately reflect the content of this section, we have changed the title of Sec. 7.5000 in the final rule from ``Scope'' to ``Purpose of subpart E.''
  
  The majority of commenters supported the creation of a new, separate subpart for electronic banking-related provisions. Although one commenter suggested a regrouping of the provisions in new subpart E, we believe that the organization of the subpart as proposed presents the subject
  
  [[Page 34994]]
  
  matter clearly and concisely. Therefore, we have not altered the arrangement of new Subpart E in the final rule. 3. Electronic Banking Activities That Are Part of, or Incidental to, the Business of Banking (Sec. 7.5001)
  
  In response to new technologies and evolving financial markets, national banks are continually developing new electronically-based activities and products. Proposed Sec. 7.5001 was designed to assist banks that are contemplating these new electronic activities and products by identifying the factors the OCC uses to determine whether such an activity or product is part of, or incidental to, the business of banking, pursuant to 12 U.S.C. 24(Seventh).
  
  In general, commenters supported the approach taken by this section. However, a few commenters noted specific issues with the section as drafted. These issues are discussed below.
  
  Purpose. Proposed Sec. 7.5001(a) provided the purpose of the new section and described the general parameters of national banks' ability to engage in electronic activities.\12\ It expressly set out the OCC's authority to impose conditions on the exercise of newly authorized activities if necessary to ensure that the activities are conducted safely and soundly and in accordance with applicable law and supervisory policies. We received no comments on this portion of proposed Sec. 7.5001(a), and therefore have adopted it, with changes to improve clarity.
  
  \12\Paragraph (a) of Sec. 7.5001 of the proposed rule has been recodified as paragraphs (a) and (b) of Sec. 7.5001 in the final rule.
  
  Proposed Sec. 7.5001(a) also stated that State law applies to a national bank's conduct of electronic activities to the extent such law would apply if the activity were conducted by the bank through traditional means. A few commenters suggested modifications to this statement. However, because Sec. 7.5002 of the proposed rule contains the same applicability of State law provision, we have deleted this provision in Sec. 7.5001 as redundant and unnecessary. These comments, therefore, are described in the discussion of Sec. 7.5002, below.
  
  Activities that are part of the business of banking. Proposed Sec. 7.5001(b) provided that an electronic activity is authorized for national banks as part of the business of banking if the activity is permitted under 12 U.S.C. 24(Seventh) or other statutory authority applicable to national banks, or otherwise constitutes part of the business of banking. The proposal set forth four factors the OCC considers in determining whether an electronic activity is part of the business of banking.\13\
  
  \13\The final rule recodifies these factors as Sec. 7.5001(c)(1).
  
  The first factor is whether the electronic activity is functionally equivalent to, or a logical outgrowth of, a recognized banking activity. As indicated in the preamble to the proposed rule, this factor is based on judicial precedents approving activities that traditionally have been performed by banks, that are functionally similar to recognized banking activities, or that represent advances in recognized banking practices.\14\ We received no comments objecting to, or requesting modifications of, this factor. Therefore, we are adopting this factor as proposed.
  
  \14\See, e.g., M & M Leasing Corp. v. Seattle First Nat'l Bank, 563 F.2d 1377 (9th Cir. 1977), cert. denied, 436 U.S. 956 (1978) (national bank leasing of personal property permissible because it was functionally interchangeable with loaning money on personal security and therefore incidental to the express power of loaning money on personal security); and VALIC, 513 U.S. at 259-60 (national bank annuity sales are permissible because they are functionally similar to other financial investment products banks have long been authorized to sell).
  
  The second factor in proposed Sec. 7.5001(b) is whether the proposed activity strengthens the bank by benefiting its customers or its business. Courts have long recognized that national banks' ability to serve the needs of their customers by offering appropriate products and services is crucial to their capability to compete successfully. Courts have also approved many activities on the basis that they benefit a bank's customers or the bank's business itself.\15\ Examples of the types of activities the OCC would look to include those where the activity increases service, convenience, or options for bank customers or lowers the cost to banks of providing a product or service. We also received no comments objecting to, or requesting modifications of, this factor. The final rule therefore adopts this factor as proposed.
  
  \15\See Merchants' Bank v. State Bank, 77 U.S. (10 Wall.) 604, 648 (1870) (``The practice of certifying checks has grown out of the business needs of the country.''). See also Clement National Bank v. Vermont, 231 U.S. 120, 140 (1913) (``the bank should be free to make * * * reasonable [depositors'] agreements, and thus promote the convenience of its business. * * *'').
  
  The third factor in proposed Sec. 7.5001(b) is whether the activity presents the types of risk that banks are experienced in managing. One commenter requested that the OCC change this factor instead to whether the activity ``involves risk that can be sufficiently assessed and managed by the bank.'' This suggested modification appears substantially identical to the proposal in practical effect. Since we have utilized the proposed factor--whether the activity presents the types of risks that banks are experienced in managing--in interpretive letters issued prior to this proposal,\16\ we have decided to adopt the third factor as proposed.
  
  \16\See Merchants' Bank, 77 U.S. at 648 (``A bank incurs no greater risk in certifying a check than in giving a certificate of deposit.''); M & M Leasing, 563 F.2d at 1383 (leasing personal property functionally equivalent to secured lending because the risks to the bank of such leasing were essentially the same as if the bank had made secured loans to buyers of the same property). See also Decision of the Comptroller of the Currency on the Operating Subsidiary Application by Zions First National Bank, Salt Lake City, Utah, OCC Conditional Approval No. 267, reprinted in [1997-1998 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 81,256 (Jan. 12, 1998) at 13 (acting as a certification authority involves core competencies of national banks and thus entails risks similar to those that banks are already expert in handling).
  
  Finally, the fourth proposed factor recognized the relevance of State law in the analysis the OCC conducts when it receives requests regarding the permissibility of new electronic activities for national banks. Since the statutory reference to the ``business of banking'' does not imply that there are two distinct businesses of banking--one for Federally-chartered and another for State-chartered banks-- activities that are recognized as permissible for State banks are at least a relevant factor in determining whether an electronic activity is part of the business of banking.\17\ We received no comments or requests for modification on this factor. The final rule clarifies that the activities encompassed by this factor include activities authorized for a State-chartered bank expressly by State law or otherwise.
  
  \17\The U.S. Supreme Court has relied upon the permissibility of an activity for State banks as a factor in the analysis of permissible national bank powers. See Colorado Nat'l Bank v. Bedford, 310 U.S. 41 (1940), in which the Court, concluding that national banks had the authority to conduct a safe-deposit business, stated that ``State banks, quite usually, are given the power to conduct a safe-deposit business. We agree with the appellant bank that such a generally adopted method of safeguarding valuables must be considered a banking function authorized by Congress.'' Id. at 49-50.
  
  The preamble to the proposed rule stated that a proposed activity does not necessarily have to satisfy all of these four factors in order to be permissible. One or more of these factors may be sufficient, depending on the specific facts and circumstances presented. One commenter requested that, in addition to the preamble, the regulatory text include the statement that an activity does not need to meet all of the listed factors to be permissible. In response,
  
  [[Page 34995]]
  
  we have added a statement explaining that the weight given a particular factor depends on the facts and circumstances.
  
  Finally, we have modified the first sentence of proposed Sec. 7.5001(b) by deleting the phrase ``or is otherwise part of the business of banking.'' That phrase is unnecessary in light of the statement elsewhere in this subsection that an activity is authorized for national banks as part of the business of banking if the activity is described in section 24 (Seventh).
  
  Electronic activities that are incidental to the business of banking. Consistent with judicial precedent,\18\ proposed Sec. 7.5001(c) provided that an activity is incidental to the business of banking if it is convenient or useful to an activity that is specifically authorized for national banks or to an activity that is otherwise part of the business of banking. Relying on these same precedents, proposed Sec. 7.5001(c) distilled and set forth in two factors the elements the OCC considers in determining whether an activity is convenient or useful to the business of banking.\19\
  
  \18\See Arnold Tours, Inc. v. Camp, 472 F.2d 427, 432 (1st Cir. 1972), which held that a national bank's activity is authorized as an incidental power if ``it is convenient or useful in connection with the performance of one of the bank's established activities pursuant to [the five] express powers'' enumerated in 12 U.S.C. 24(Seventh); Franklin Nat. Bank v. New York, 347 U.S. 373 (1954); Wyman v. Wallace, 201 U.S. 230 (1906); and First Nat'l Bank of Charlotte v. National Exch. Bank of Baltimore, 92 U.S. 122 (1875).
  
  \19\The final rule recodifies these factors as Sec. 7.5001(d)(1).
  
  The first factor is whether the activity facilitates the production or delivery of a bank's products or services, enhances the bank's ability to sell or market its products or services, or improves the effectiveness or efficiency of the bank's operations in light of risks presented, innovations, strategies, techniques, and new technologies for producing financial products and services. In applying this factor, the OCC has determined that the provision of certain electronic products and services is permissible, as incidental to the business of banking, when needed to package successfully or promote other banking services.\20\ We also have recognized a category of incidental activities based on the operation of the bank itself as a business concern. Banking activities that fall in this category may include hiring employees, issuing stock to raise capital, owning or renting equipment, borrowing money for operations, purchasing the assets and assuming the liabilities of other financial institutions, and operating through optimal corporate structures, such as subsidiary corporations or joint ventures. Various Federal statutes have implicitly recognized national banks' authority to perform the activities necessary to conduct their business.\21\ In each case, the statutes presume the existence of corporate power to conduct the bank's business under 12 U.S.C. 24(Seventh).
  
  \20\See OCC Interpretive Letter No. 754, reprinted in [1996-97 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 81-118 (Nov. 6, 1996) (national bank operating subsidiary may sell general purpose computer hardware to other financial institutions as part of larger product or service when necessary, convenient, or useful to bank permissible activities).
  
  \21\For example, Federal laws refer to limits on persons who can serve as bank employees, to the permissible disposition of bank stock, and to the existence of bank subsidiaries. See, e.g., 12 U.S.C. 78 (defining persons ineligible to be bank employees); 12 U.S.C. 83 (limiting national bank's purchase of its own stock); 12 U.S.C. 24(Seventh) (limiting presupposed authority of national bank to own a subsidiary engaged in the safe deposit business; 12 U.S.C. 371d (1994) (defining ``affiliates'' to include subsidiaries owned by national banks); GLBA section 121 (defining ``financial subsidiary'' as a subsidiary ``other than'' a subsidiary that conducts bank-permissible activities under the same terms and conditions that apply to the parent bank or a subsidiary expressly authorized by Federal statute).
  
  We noted in the preamble to the proposed rule that the authority of banks to deliver and sell products and services or improve the effectiveness of their operations must be viewed in light of innovations, strategies, techniques and new technologies for marketing financial products and services. These grants of power must be given a broad and flexible interpretation to allow national banks to utilize modern methods and meet modern needs.\22\ The proposal noted that market and technological changes that will affect the banking industry will shape the OCC's future determinations of whether an activity is incidental to the business of banking.
  
  \22\In VALIC, the Supreme Court recognized that the concepts of the ``business of banking'' and of activities ``incidental'' to that business must be sufficiently flexible to accommodate the constant evolution of banking services. See VALIC, 513 U.S. at 259-260. See also M & M Leasing, 563 F.2d at 1382 (noting that ``commentators uniformly have recognized that the National Bank Act did not freeze the practices of national banks in their nineteenth century forms. * * * [W]e believe the powers of national banks must be construed so as to permit the use of new ways of conducting the very old business of banking.'').
  
  The second factor listed in proposed Sec. 7.5001(c) is whether the activity enables the bank to profitably use capacity acquired for its banking operations or otherwise avoid economic waste or loss. For example, it is well settled that a nonbanking activity can be incidental when it enables a bank to realize gain or avoid loss from activities that are part of, or necessary to, its banking business. Federal statutes and case law also recognize national banks' need to optimize the value of bank property by authorizing banks to sell excess space or capacity in that property.\23\ Section 7.5004, which pertains to excess capacity, is a specific application of this general principle in the electronic context.
  
  \23\See 12 U.S.C. 24 (Seventh) and 29; Perth Amboy National Bank v. Brodsky, 207 F. Supp. 785, 788 (S.D.N.Y. 1962) (``It is clear beyond cavil that the statute [12 U.S.C. 29] permits a national bank to lease or construct a building, in good faith, for banking purposes, even though it intends to occupy only a part thereof and to rent out a large part of the building to others.'').
  
  We received no specific comments on these factors and have therefore retained them both in the final rule. We have, however, modified the second factor by removing the word ``profitably'' to conform this factor to the excess capacity doctrine set forth in Sec. 7.5004.
  
  As with determinations regarding whether an activity is part of the business of banking, specific facts may implicate one or both of these factors, and the activity need not satisfy each factor to be permissible as incidental to that business. At the request of a commenter, the OCC has added a clarification of this point, in Sec. 7.5001(d)(2) of the final rule.
  
  Two commenters discussed the effect of this new Sec. 7.5001 on the application process the OCC uses to determine whether national banks and their operating subsidiaries may engage in new activities, set forth in 12 CFR part 5. One commenter requested more specificity on the use of the factors relevant to determining whether an activity is incidental to banking and asked that the OCC clarify whether it expects banks to include these factors in applications to offer new electronic services. This commenter also asked whether the OCC intends to alter or streamline this application process in light of the factors listed in Sec. 7.5001.
  
  We do not believe that substantive changes to the application process in part 5 are necessary at this time based on this codification of the factors the OCC examines when determining whether an activity is authorized pursuant to 12 U.S.C. 24(Seventh). These factors are derived from OCC opinion letters, which explain them in sufficient detail that additional guidance is not needed in the rule. A bank that wishes us to consider whether a proposed activity is permissible pursuant to 12 U.S.C. 24(Seventh) should describe in its filing how its proposed activity meets one or more of these factors. If it subsequently appears that technical changes to the application
  
  [[Page 34996]]
  
  or notice process are desirable, we will initiate a separate rulemaking proposing those changes.
  
  Another commenter suggested that the OCC establish an ``optional, expedited notice procedure for new activities as a way of enabling banks to bring products to market quickly within the umbrella of OCC deference.'' We believe, however, that the OCC's current processes are sufficiently flexible to allow national banks to offer new electronic products and services expeditiously, consistent with safety and soundness considerations. In general, national banks are not required to notify or obtain OCC approval to engage in permissible activities within the bank. In addition, national banks may already offer many permissible electronic products or services through an operating or financial subsidiary without filing a notice or application with the OCC. (For new activities to be performed in an operating or financial subsidiary, the after-the-fact notice or application provisions of 12 CFR part 5 apply.) As indicated in the discussion above, the factors set forth in Sec. 7.5001 will assist banks in their determination as to whether a new activity is permissible. A bank that is uncertain about the permissibility of a new activity may request an interpretive opinion from the OCC. 4. Furnishing of Products or Services by Electronic Means and Facilities (Sec. 7.5002)
  
  The OCC's rules currently provide that a national bank may perform, provide, or deliver through electronic means and facilities any function, product, or service that it is otherwise authorized to perform, provide or deliver.\24\ This so-called ``transparency doctrine'' is a key provision for national banks engaging in electronic activities because it calls for the OCC to look through the means by which the product is delivered and focus instead on the authority of the national bank to offer the underlying product or service.
  
  \24\See 12 CFR 7.1019.
  
  We have relied on this transparency doctrine to approve a number of technology-based activities, such as web site hosting and the operation of a ``virtual mall,'' that are otherwise permissible under a national bank's finder authority. Similarly, we have approved electronic bill presentment activities because billing and collecting services are permissible for national banks.\25\
  
  \25\See OCC Conditional Approval No. 369 (Feb. 25, 2000) (national bank may host a virtual mall consisting of a web page with links to third-party merchants arranged according to product or service offered); OCC Conditional Approval No. 304 (Mar. 5, 1999) (electronic bill presentment is part of the business of banking). See also OCC Conditional Approval No. 220 (Dec. 2, 1996) (the creation, sale, and redemption of electronic stored value in exchange for dollars is part of the business of banking because it is the electronic equivalent of issuing circulating notes or other paper-based payment devices like travelers checks); OCC Conditional Approval No. 267, supra note 16 (a national bank may store electronic encryption keys as an expression of the established safekeeping function of banks).
  
  The proposal moved the transparency rule to Sec. 7.5002 of new subpart E and expanded it to include examples of activities the OCC has found to be permissible. These changes were proposed in order to provide clearer guidance to national banks that wish to engage in new electronic activities.
  
  One commenter requested that we clarify that these examples in Sec. 7.5001 are not exclusive, and that we would consider the authorization of new activities under the transparency doctrine that may not be illustrated through the examples provided. The commenter's suggestion is consistent with the purpose of the provision, and the final rule clarifies that these examples are illustrative, not exclusive.
  
  Other commenters requested that we expand the list of examples in the text of Sec. 7.5002 to include other specific activities. One suggested that this list include the provision of communications services relating to all aspects of transactions between buyers and sellers. This facilitation of communication between interested parties is an inherent part of a bank's finder activities, and therefore may be conducted electronically.\26\ We have therefore amended the regulatory text to include this activity in the list of examples of permissible electronic activities based on the transparency doctrine.
  
  \26\See Letter from Elizabeth H. Corey, Attorney (May 18, 1989) (unpublished); Letter from John M. Miller, Acting Deputy Chief Counsel (July 26, 1977) (unpublished).
  
  Other commenters suggested adding a number of specific activities that the OCC has not yet approved as permissible for national banks. We have not adopted these suggestions. Our experience is that decisions about the permissibility of new electronic activities are best made in the context of specific tests and circumstances that enable us to consider the practical and supervisory effects of, as well as the legal basis for, the determination. We will accordingly continue our practice of case-by-case review, followed by codification of key precedents, as appropriate, from time to time. As noted previously, this codification does not serve to limit the activities that may be found to be permissible, and we will continue to review new activities on a case- by-case basis.
  
  Consistent with the principle that it is the substance of an activity--and not its electronic form--that is key to the determination of whether it is permissible, the final rule provides that when a national bank engages in an electronic activity based on the transparency doctrine, the electronic activity will not be exempt from the regulatory requirements and supervisory guidance, including those prescribed by OCC regulations or contained in other OCC issuances, that would apply if the activity were conducted by non-electronic means or facilities. This new provision clarifies that national bank activities will continue to be governed by OCC regulatory requirements and supervisory guidance regardless of whether that activity is conducted electronically or by traditional means.
  
  A few commenters suggested modifications in the provision addressing the applicability of State law that appeared at proposed Sec. 7.5002(b), as well as at proposed Sec. 7.5001(a), both provisions being very similar in substance and in wording. One commenter asked that the OCC expressly preempt State laws that purport to regulate activities conducted by electronic means. Another stated that the OCC should require a national bank to comply only with the laws of the jurisdiction from which its electronic products or services are offered. A third commenter asked that we specifically clarify that other preemption rules in Federal law also apply to the electronic banking activities of national banks, such as the preemption rules set forth in the Electronic Signatures in Global and National Commerce Act (E-Sign).\27\
  
  \27\Pub. L. 106-229, 114 Stat. 464 (June 30, 2000).
  
  The final rule contains only one provision on the applicability of State law, now located at Sec. 7.5002(c). This provision has been modified to address certain of the concerns the commenters have raised by clarifying the scope of preemption described in the rule, and to reflect developments in the law pertaining to electronic commerce.
  
  In general, the application of State law to activities conducted by national banks through electronic means presents issues of preemption that are determined under traditional principles of Federal preemption derived from the Supremacy Clause of the United States Constitution\28\ and applicable judicial precedent. The OCC's rules--currently and as amended by this final rule--
  
  [[Page 34997]]
  
  provide that a national bank may conduct by electronic means any function or activity that it is otherwise authorized to conduct. The resolution of any issue about the applicability of State law to an activity that a national bank conducts electronically is, accordingly, governed by the preemption principles that would apply to activities conducted by traditional means.
  
  \28\U.S. Const. art. VI, cl. 2.
  
  However, when the activity is being conducted by electronic means, and thus is potentially geographically boundless, a consideration unique to the purpose and characteristics of the national bank charter becomes an element of this preemption analysis. Through the national bank charter, Congress established a banking system intended to be nationwide in scope, and authorized the creation of national banks, whose powers were intended to be uniform, as established by Federal law, regardless of where in the nation they conducted their business. As the Supreme Court has said:
  
  National banks are instrumentalities of the federal government, created for a public purpose, and as such necessarily subject to the paramount authority of the United States. It follows that an attempt by a state to define their duties, or control the conduct of their affairs is absolutely void, wherever such attempted exercise of authority expressly conflicts with the laws of the United States, and either frustrates the purpose of the national legislation, or impairs the efficiency of these agencies of the federal government to discharge the duties for the performance of which they were created.\29\
  
  \29\Davis v. Elmira Savings Bank, 161 U.S. 275, 283 (1896). See also Marquette Nat. Bank of Minneapolis v. First of Omaha Serv. Corp., 439 U.S. 299, 314-315 (1978); First Nat. Bank of San Jose v. California, 262 U.S. 366, 369 (1923) (``[A]ny attempt by a state to define [national banks'] duties or control the conduct of their affairs is void, whenever it conflicts with the laws of the United States or frustrates the purposes of the national legislation, or impairs the efficiency of the bank to discharge the duties for which it was created.'').
  
  This freedom from State control over a national bank's powers protects national banks from conflicting local laws unrelated to the purpose of providing the uniform, nationwide banking system that Congress intended. And, as the Supreme Court also recognized, Congress was concerned not just with the application of certain States' laws to individual national banks, but also with the application of multiple States' standards which would undermine the uniform, national character of the powers of national banks throughout the system. This point was made clearly by the Supreme Court in Easton v. Iowa, 188 U.S. 220
  
  (1903):
  
  That legislation [i.e., legislation creating and regulating national banks] has in view the erection of a system extending throughout the country, and independent, so far as the powers conferred are concerned, of state legislation which, if permitted to be applicable, might impose limitations and restrictions as various and as numerous as the states. * * * [W]e are unable to perceive that Congress intended to leave the field open for the states to attempt to promote the welfare and stability of national banks by direct legislation. If they had such power it would have to be exercised and limited by their own discretion, and confusion would necessarily result from control possessed and exercised by two independent authorities.\30\
  
  \30\Easton, 188 U.S. at 229, 231-232 (emphasis added).
  
  Thus, in analyzing the potential for State laws to be applicable to activities conducted by national banks via electronic means, it is also necessary to recognize in the preemption analysis that application of a multiplicity of State requirements in itself is an important factor in the analysis. Particularly where an activity is conducted via electronic means and is potentially accessible to a customer without any necessary connection to where the customer is physically located, application of multiple State law standards to that particular activity conflicts with the uniformity of standards under which national banks were designed to operate. The final rule's provision on the applicability of State law accordingly provides that the applicability of State law to a national bank's conduct of its authorized activities through electronic means and facilities is governed by traditional principles of Federal preemption derived from the Supremacy Clause, and that, therefore, a State law would not be applicable to such activities if the State law stands as an obstacle to the achievement of a Federal objective, namely, the ability of national banks to exercise uniformly their Federally authorized powers--in this case, through electronic means or facilities.\31\
  
  \31\Of course, in some instances, Federal law will specify that national banks are to look to State law standards to determine the extent of their power to conduct certain activities (e.g., establishment of intrastate branches, scope of fiduciary powers) or the manner in which a particular power may be exercised (e.g., insurance).
  
  The phrase ``stands as an obstacle'' was used by the Supreme Court in Barnett Bank of Marion County v. Nelson\32\ as one of several formulations reflecting the standard for determining whether a State law is preempted, and we intend the use of this phrase to reflect the full dimensions of the Court's reasoning in that case. Notably, in Barnett, the Supreme Court cited National Bank v. Commonwealth,\33\ a case decided very shortly after the establishment of the national banking system. In that decision, the Court held that the State law in question was not preempted because it did not ``interfere with, or impair [national banks'] efficiency in performing the functions for which they are designed * * *.''\34\ This language was echoed 26 years later in the Court's decision in Davis v. Elmira Savings Bank, where the Court expressly recognized that State law may not ``frustrate the purpose'' of the ``national legislation'' creating the national banking system or ``impair the efficiency'' with which national banks function as the components of a uniform, nationwide banking system.\35\ Clearly, the application of a multiplicity of State-based standards, each potentially altering--in different ways--the extent and manner in which a national bank may exercise any particular Federally authorized power through electronic means, would stand as an obstacle to achievement of the Federal objective, namely, a uniform, nationwide banking system,\36\ and ``interfere with'' and ``impair'' the efficiency with which national banks are able to perform activities authorized under Federal law\37\ through electronic means and facilities. The final rule contains revisions to appropriately reflect these considerations in determining the applicability of State law.
  
  \32\517 U.S. 25 (1996).
  
  \33\76 U.S. (9 Wall.) 353 (1870).
  
  \34\Id. at 362.
  
  \35\Davis, 161 U.S. at 283, 284. In Davis, the Court held that a New York law purporting to require the receiver of an insolvent national bank to make preferential payment of receivership assets to ``any savings bank'' that had funds on deposit at the failed bank was preempted by the Federal statute requiring pro rata payment of such assets to any creditors who could prove their claims. The Court reasoned that one of the purposes of the ``national legislation'' creating the national banking system was ``to secure . . . a just and equal distribution of the assets of national banks among all unsecured creditors, and to prevent such banks from creating preferences in contemplation of insolvency. This public aim in favor of all the citizens of every state of the Union is manifested by the entire context of the national bank act.'' Id. at 284.
  
  \36\Easton, 188 U.S. at 229, 231-32; Davis, 161 U.S. at 283-85.
  
  \37\National Bank, 76 U.S. (9 Wall.) at 362; Davis, 161 U.S. at 283.
2. Composite Authority to Engage in Electronic Banking Activities (Sec. 7.5003)
  
  We noted in the preamble to proposed Sec. 7.5003 that some electronic banking activities that appear novel may actually be merely a collection of interrelated activities, each of which is permissible under well-settled authority. Thus, to clarify national banks' authority to conduct this type of composite activity, we proposed to adopt a new Sec. 7.5003, which provides that an electronic
  
  [[Page 34998]]
  
  product or service comprised of several elements or activities is authorized if each of the constituent elements or activities is authorized.
  
  Commenters supported this proposal because it addresses the reality that electronic products and services rarely fit into one specific category of authority. Thus, we are adopting this rule as proposed. 6. Excess Electronic Capacity (Sec. 7.5004)
  
  The proposed rule in Sec. 7.5004 recognized that the OCC has long applied the ``excess capacity'' doctrine to the technology resources of national banks to enable them to avoid waste and deploy those resources efficiently.\38\ While the doctrine originated to allow banks to use excess real property efficiently, it has taken on particular significance as banks conduct more business through developing technologies such as Internet access, software production and distribution, long line telecommunications and data processing equipment, electronic security systems, and call centers.\39\ Accordingly, we proposed to relocate the excess electronic capacity rule from current Sec. 7.1019 to new subpart E and to add specific examples. The final rule adopts this approach, but amends the proposal in response to comments received.
  
  \38\The excess capacity doctrine holds that a bank properly acquiring an asset to conduct its banking business is permitted, under its incidental powers, to make full economic use of the property if using the property solely for banking purposes would leave the property underutilized. See OCC Conditional Approval No. 361 (Mar. 3, 2000).
  
  \39\See OCC Interpretive Letter No. 742, reprinted in [1996-1997 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 81-106 (Aug. 19, 1996); OCC Interpretive Letter No. 677, reprinted in [1994-1995 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 83,625 (June 28, 1985); Letter from William Glidden (June 6, 1986) (unpublished); Letter from Stephen Brown (Dec. 20, 1989) (unpublished); and OCC Conditional Approval No. 361 (Mar. 3, 2000).
  
  The proposed rule stated that a national bank may acquire or develop excess capacity ``in good faith for banking purposes.'' In applying this test, the OCC and the courts consistently have reviewed a bank's objective business reasons for obtaining the excess capacity. To clarify the appropriate focus of the excess capacity test, and to avoid creating any misperception that the focus is on the subjective intent or mental state of bank management, the final rule states that a national bank may market and sell electronic capacities ``legitimately acquired or developed by the bank for its banking business.'' The ``legitimate'' standard incorporates the requirement that the excess capacity must be acquired in ``good faith'' for banking purposes.\40\ This test recognizes the broad policy of optimization of resources and avoidance of loss or waste. To further clarify how the excess capacity doctrine is to be applied, we have provided specific and non-exclusive examples in the regulation to illustrate when legitimate excess electronic capacity may be acquired.
  
  \40\See OCC Interpretive Letter No. 888, reprinted in [2000-2001 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 81,407 (Mar. 14, 2000). See also Brown v. Schleier, 118 F. 981 (8th Cir. 1902), aff'd. 194 U.S. 18 (1904).
  
  The final rule also adopts the proposed examples of excess capacity in equipment or facilities of national banks that have been found to have been acquired legitimately for banking purposes. The examples in the final rule are not exclusive, but merely illustrate uses of excess electronic capacity that we have approved. As our approvals to date demonstrate, the determination that a particular acquisition of excess electronic capacity is permissible is fact-specific. Accordingly, we encourage banks with questions regarding appropriate uses of excess electronic capacity to consult with the OCC.
  
  In the preamble to the proposed rule, the OCC asked whether the final rule should codify a doctrine closely related to excess capacity: the so-called ``by-product doctrine.'' Under this authority, a national bank may sell by-products, such as software, legitimately developed by the bank for or during the performance of its permissible data processing functions. A number of commenters urged the OCC to explicitly codify the by-product doctrine. They noted that as part of their electronic banking products or internal operations, national banks often internally design and create software or other products that may have broader application. The by-product doctrine enables national banks to sell such products into the general market and, thus, gain revenue to offset internal development costs.
  
  We have determined that it would be helpful to recodify the by- product doctrine in the final rule. Until 1984, the OCC's data processing rule specifically recognized the by-product doctrine.\41\ Although this language was deleted from the rule in 1984,\42\ it was not done with the intention to change the OCC's position regarding this theory. The 1984 revision was merely a non-substantive format change in the rule done largely to avoid potential confusion. The OCC believes that it has now developed a considerable body of precedent on the by- product doctrine that will help provide adequate guidance on these issues and reduce the risk of confusion.\43\
  
  \41\See 12 CFR 7.3500 (1983).
  
  \42\See 49 FR 11157 (Mar. 26, 1984).
  
  \43\See, e.g., OCC Interpretive Letter No. 284, reprinted in
  
  [1983-1984 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 85,448 (Mar. 26, 1984); OCC Interpretive Letter No. 449, reprinted in
  
  [1988-1989 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 85,673 (Aug. 23, 1988); and OCC Interpretive Letter No. 677, supra note 53.
3. National Bank Acting as a Digital Certification Authority (Sec. 7.5005)
  
  The OCC has permitted a national bank to act as a certification authority\44\ that issues certificates verifying the identity of the certificate holder to support digital signatures.\45\ Proposed Sec. 7.5005 would codify this position. Comments supported this proposal and it is adopted without significant change in paragraph (a) of Sec. 7.5005.
  
  \44\See OCC Conditional Approval No. 267, supra note 16.
  
  \45\Digital signatures are a form of electronic authentication that permit the recipient of an electronic message to verify the sender's identity. In order for a digital signature system to operate successfully, the message recipient must have assurance that the public key used to decode a message is uniquely associated with the sender. One method of providing that assurance is for a trusted third-party (called a ``certification authority'') to issue a digital certificate attesting to this association. The certification authority generates and signs digital certificates to verify the identity of the person transmitting a message electronically. The mathematical function the sender uses to encode a message is called the sender's private key. The related function that the recipient of the message uses to decode the message is called the sender's public key. In public key infrastructure (``PKI'') systems based on asymmetric encryption, each private key is uniquely associated with a particular counterparty public key. Thus, if one has assurance that a specific private key is associated with a person and under his or her sole control, any message that can be decoded using that person's public key may be assumed to have been sent by that person.
  
  The preamble to the proposed rule requested comments on whether the final rule should also authorize national banks to issue digital certificates that verify attributes beyond mere identity, i.e., the authority or financial capacity of the certificate holder. We invited comment on the extent to which national banks propose to engage in these activities, how they will be structured, and whether permitting national banks to issue certificates to verify additional attributes beyond identity presents unique risks.
  
  Generally, commenters strongly supported extending the certification authority to attributes beyond identity. Commenters said that verification of certificate holder transaction authority and financial capacities are necessary for banks to be able to effectively market electronic banking services. These commenters noted that national banks have long had experience in certifying the financial capacity of their
  
  [[Page 34999]]
  
  customers. For example, banks issue letters of credit or loan approval letters to give comfort to third parties that the bank customer has the financial capacity to consummate contemplated transactions. Banks also manage and verify account numbers, account balances, and transactions charged to those account numbers. Some commenters requested that the final rule not be limited to a particular list of functions. They noted that the methods and usefulness of certification authority services will continue to evolve. Thus, they urged that the final rule should enhance flexibility so that a certificate can be issued for any purpose where the underlying verification is part of the business of banking. They requested that the final rule list particular attributes, such as financial capacity, as examples of this extended certification authority activity.
  
  However, other commenters urged the OCC to consider the risks that may arise when the new certification activities either are combined with or approximate in function the existing authority for independent undertakings.\46\ The commenters were particularly concerned that any new authority to issue extended certificates relating to financial capacity might raise risks similar to those assumed by banks issuing letters of credit and other independent undertakings.
  
  \46\See 12 CFR 7.1016.
  
  The final rule provides that national banks may issue digital certificates to verify any attribute for which verification is part of or incidental to the business of banking and lists several types of financial capacity as examples of such attributes. This list is intended to be non-exclusive. We will consider what other attributes might be verified in an electronic certificate on a case-by-case basis so that the potential risks can be better assessed.
  
  We recognize that the extended authority to issue non-identity digital certificates presents supervisory issues. We have existing guidance on digital certificates (OCC Bulletin 99-20), and intend to update that guidance to address issues arising under the extended authority codified in Sec. 7.5005(b). These issues arise in part because the party issuing the certificate is verifying an attribute-- such as financial capacity--that can and does change over time.
  
  If a bank were to verify that funds will be available on a certain date in its certificates, the bank would, in effect, be engaging in an electronic independent undertaking. However, the extended certificate authority codified in Sec. 7.5005(b) is distinct from independent undertakings, both analytically and operationally. To facilitate this distinction, the final rule clarifies by examples the types of financial verifications that the OCC intends to authorize in extended certifications. Specifically, the final rule lists examples of permissible financial certifications that involve verification of the following existing facts: (1) Account balance as of a particular date; (2) lines of credit as of a particular date; (3) past performance of customer (like a credit report); and (4) verification of customer relationship as of a particular date. Each of these verifications represents a statement of fact as of a particular current or previous date with respect to the certificate subscriber. Thus, financial certificates do not represent a promise by the certificate authority bank to the relying party that particular funds will be available or advanced for a particular transaction. For this reason, a financial certification is distinguished from an independent undertaking, which is a promise by a bank to make available funds for a particular transaction upon presentation of specified documents. An independent undertaking exposes the issuing bank to credit risk; a properly formulated and limited financial certification does not.
  
  We expect banks issuing financial capacity certificates to take steps appropriate to address the risk that a party receiving a financial certification (the relying party, usually a seller) would assert that the certification is really an implied promise or representation by the issuing bank that funds will be available or advanced to pay for a particular transaction. We expect issuing banks to take appropriate precautions against having their financial certificates construed as implied promises to lend. While other risk controls will be appropriate in particular cases,\47\ the final rule provides that financial capacity certificates must include express disclaimers stating that the bank does not thereby promise or represent that funds will be available or advanced for a particular transaction.
  
  \47\For example, the risk of confusion may be particularly great in situations where the bank is issuing a financial certification on the existence of a line of credit. Relying parties might try to assert that this certificate constitutes an implied promise that the verified credit line would be available to fund their specific transaction. Thus, in connection with such certifications, the issuing bank might not only include the disclaimer discussed above but also make available with the digital certificate the terms of the line of credit so that the relying parties may directly assess its availability for their transaction.
  
  If banks take necessary precautions and issue appropriately designed financial certifications, the requirements of Sec. 7.1016 (which are designed predominantly to control credit risk) should not be required as a risk mitigation device. However, if a purported financial capacity certificate did guarantee or promise funds availability, the requirements of Sec. 7.1016 should and will apply. Under the transparency rule in Sec. 7.5002 of the final rule, electronic letters of credit are clearly permissible. However, in contrast to the financial certifications authorized under Sec. 7.5005 of this final rule, electronic letters of credit are subject to Sec. 7.1016 because they are independent undertakings.\48\
  
  \48\See 12 CFR 7.5005(c).
  
  Finally, the proposed rule contemplated that verification will be provided as part of a digital certificate, i.e., the certificate itself would contain the verified information on authority or financial capacity. However, some commenters requested that the final rule also enable banks to issue certificates that interoperate with the bank's internal systems so that the certificate is associated automatically with information in those systems related to the certificate holder. In other words, the verified information would reside not in the certificate, but in bank systems linked to the certificate. The benefit of this approach is that a system-linked certificate can provide access to information that is updated whenever the bank's systems are updated, whereas information resident on the certificate can become rapidly outdated. Thus, some comments urged that the final rule expressly authorize banks to engage in electronic authentication activities regardless of the particular technology employed.
  
  We agree that there are significant advantages to system-linked certificates. However, such certificates also present very different risks than the certificate-based PKI systems for which the OCC has issued guidance.\49\ For this reason, the final rule does not contain a general authorization for system-linked certificates. However, we are prepared to consider on a case-by-case basis how national banks may use new technologies and models, beyond PKI-based digital certificates, to provide permissible electronic verification services.
  
  \49\See OCC Bulletin 99-20.
4. Data Processing (Sec. 7.5006)
  
  Proposed Sec. 7.5006(a) codified OCC interpretations confirming that a national bank may collect, process,
  
  [[Page 35000]]
  
  transcribe, analyze, and store banking, financial, and economic data for itself and its customers as part of the business of banking.\50\ Commenters were generally supportive of this aspect of the proposed rule and we are adopting it with some changes. Specifically, the final rule provides additional guidance on the scope and range of permissible banking, financial or economic data processing in two ways. First, the final rule clarifies that permissible ``processing'' of eligible data includes provision of data processing services, data transmission services, facilities (including equipment, technology, and personnel), databases and advice. It also includes providing access to such services, facilities, databases and advice. Second, the rule specifies that for purposes of this section, ``economic data'' includes anything of value in banking and financial decisions.\51\
  
  \50\See, e.g., OCC Conditional Approval No. 289 (Oct. 2, 1998); OCC Interpretive Letter No. 805, reprinted in [1997-1998 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 81,252 (Oct. 9, 1997). A prior OCC interpretive ruling on electronic banking specifically stated that ``as part of the business of banking and incidental thereto, a national bank may collect, transcribe, process, analyze and store for itself and others, banking, financial, or related economic data.'' 39 FR 14192, 14195 (Apr. 22, 1974). This language was deleted from former 12 CFR 7.3500 because the OCC was concerned that the specific examples of permissible activities in the ruling, such as the marketing of excess time, by-products, and the processing of ``banking, financial, or related economic data,'' had led to confusion and misinterpretation. See 47 FR at 46526, 46529 (Oct. 19, 1982). However, the preamble to the proposal to simplify the rule stated that ``the Office wishes to make clear that it does not intend to indicate any change in its position regarding the permissibility of data processing services.'' Id. Since 1982, the risk of confusion and misinterpretation of a regulation has significantly diminished due to, among other reasons, the substantial number of interpretive letters the OCC has issued on permissible data processing that can provide a context for understanding the rule.
  
  \51\See, e.g., Association of Data Processing Service Organizations, Inc. v. Board of Governors, 745 F.2d 677, 691 (D.C. Cir. 1984).
  
  In addition to processing of banking, financial or economic data, national banks, under their authority to conduct activities incidental to the business of banking, may also provide limited amounts of non- financial information processing to their customers to enhance marketability or use of a banking service.\52\ In determining the permissible scope of this incidental processing, we typically inquire whether the processing of non-financial data is convenient or useful to the specific processing of financial data or other business of banking activities in a specific contract or relationship.
  
  \52\See, e.g., OCC Conditional Approval No. 369 (Feb. 25, 2000).
  
  Thus, in the preamble discussing proposed Sec. 7.5006, we requested comment on whether to codify this authority to conduct incidental non- financial data processing and specifically whether to provide that a national bank may generally derive a certain specified percentage of its total annual data processing revenue from processing non-financial data. Anecdotal evidence suggested that national banks attempting to market financial data processing services are frequently confronted with customer demands that the bank also process some non-financial data so that the customer can avoid the inconvenience of having to use two different processors for financial data and for non-financial data. Moreover, banks' competitors in the marketplace are providing these fully integrated data processing services. Thus, we asked for comments and evidence on the extent of this type of customer demand in order to determine whether it is so pervasive as to warrant authorizing the processing of non-financial data in connection with financial data processing in lieu of our current case-by-case approach.
  
  The comments filedin response to this request supported codification of the authority to engage in incidental non-financial data processing. These comments establish that such a rule is warranted to accommodate pervasive realities of the financial data processing marketplace. Accordingly, we have decided to adopt a more flexible approach to non-financial data processing rather than a safe harbor with a specific percentage (e.g., 30% or 49%). We believe that, in light of the rapidly evolving nature of bank data processing and the data processing markets in which banks compete, a fixed percentage could be inappropriately rigid.
  
  The final rule therefore provides that, in addition to its authority to process banking, financial, and economic data, a national bank may also process additional types of data to the extent convenient or useful to the bank's ability to provide the banking, financial, and economic data processing services. This approach to permissible incidental data processing would be satisfied where providing non- financial data processing is reasonably necessary to conduct the financial data processing services on a competitive basis. The bank's total revenue from providing data processing services under this section must, however, be derived predominantly by from processing banking, financial, or economic data. Thus, under the final rule, a bank offering financial data processing services will also be able to offer additional processing of incidental non-financial data if it determines that, in the market it is attempting to serve, processing of some non-financial data is reasonably necessary to operate on a competitive basis and if the aggregate revenue from such incidental non-financial processing is not the predominant source of its total revenue from data processing services under this section.
  
  We believe this approach, which is fully consistent with judicial and OCC precedent,\53\ is preferable to a specific percentage-based safe harbor because it adheres to concepts that allow a component of the bank's data processing to include non-financial data processing and provides more flexibility to accommodate the evolving role in data processing in the business of banking. Banks that engage in financial or non-financial data processing will be expected to comply with all applicable supervisory requirements and guidance.\54\ The OCC will develop additional guidance for examiners and bankers on data processing activity, as needed.
  
  \53\See generally Sec. 7.5001(c)(2). OCC has long held that a national bank, under its incidental powers, may sell non-banking products and services when reasonably necessary to provide banking products on a competitive basis by creating a package of related services needed to satisfy consumer demand, meet market competition, and enable the bank to successfully market its banking services. Thus, for example, in OCC Interpretive Letter No. 742, supra note 53, OCC found offering of Internet access service was needed to successfully provide and market the bank's Internet banking service. We found limiting the bank's Internet access services, to block non- banking use, would not meet customer needs or the competing products in the marketplace. See also OCC Interpretive Letter No. 611, supra note 6 (bank selling home banking service can also provide customer access to non-banking services ``to increase the customer base and service the usage of the program''); OCC Interpretive Letter No. 653, reprinted in [1994-1995 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 83,601 (Dec. 22, 1994) (national banks may offer non- banking products as part of larger product or service when necessary, convenient, and useful to bank permissible activities); cf. National Courier Ass'n v. Board of Governors, 516 F.2d 1229, 1240 (D.C. Cir. 1975) (incidental powers of holding companies include providing specialized courier services when service is necessary to obtain full benefit of data processing services). Compare National Retailers Corp. v. Valley Nat'l Bank, 411 F. Supp. 308 (D. Ariz. 1976), aff'd, 604 F. 2d 32 (9th Cir. 1979). In light of subsequent developments, however, for the reasons stated in OCC Interpretive Letter 928 (Dec. 24, 2001) and Interpretive Letter No. 856 (Mar. 5, 1999), the OCC does not believe that courts today would accord significant weight to the National Retailers case.
  
  \54\See, e.g., OCC Alert No. 2001-4 (Network Security Vulnerabilities); OCC Advisory Letter No. 2001-12 (Risk Management of Outsourcing Technology); and OCC Bulletin No. 2000-14 (Infrastructure Threats-Intrusion Risks--Message to Bankers and Examiners).
  
  In addition to the authority to provide data processing under this section, national banks also have other
  
  [[Page 35001]]
  
  authorities to process data that is non-financial. For example, banks may process data (regardless of the type) under the excess capacity doctrine and under their correspondent authority. These additional authorities are codified in other sections of the new Subpart E;\55\ their rationale and concomitant limitations are independent and distinct from the authority to process banking, financial, and economic data and incidental non-financial data under Sec. 7.5006 of the final rule. Thus, the revenue derived from non-financial data processing that may occur under these other authorities and activities is not included as non-banking, financial, or economic data processing revenue in computing the total revenue from Sec. 7.5006 data processing services used to determine compliance with the predominantly proviso in new Sec. 7.5006(b).
  
  \55\See, e.g., Sec. 7.5001(d), 7.5004, and 7.5007.
5. Correspondent Services (Sec. 7.5007)\56\
  
  \56\We have modified the title of this section from ``correspondent banking'' to ``correspondent services'' to more accurately reflect the activity authorized by this section.
  
  The proposed rule codified the OCC's longstanding interpretation that national banks may perform for other entities an array of activities called ``correspondent services'' as part of the business of banking.\57\ These activities include any corporate or banking service that a national bank may perform for itself.\58\ A national bank may perform these activities for any of its affiliates or for other financial institutions.\59\
  
  \57\See, e.g., OCC Interpretive Letter No. 875, supra note 6; OCC Interpretive Letter No. 811, reprinted in [1997-1998 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 81-259 (Dec. 18, 1997); OCC Corporate Decision No. 97-79 (July 11, 1997).
  
  \58\See OCC Interpretive Letter No. 467, reprinted in [1988-1989 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 85,691 (Jan. 24, 1989) (national bank may offer wide range of correspondent services); Letter from Wallace S. Nathan, Regional Counsel (Dec. 3, 1982) (unpublished) (microfiche services); Letter from John E. Shockey, Chief Counsel (July 31, 1978) (unpublished) (advertising services).
  
  \59\See, e.g., OCC Interpretive Letter No. 875, supra note 6; OCC Interpretive Letter No. 513, reprinted in [1990-1991 Transfer Binder] Fed. Banking L. Rep. para. 83,215 (June 18, 1990).
  
  This proposal also codified a number of OCC interpretations that approve certain electronic- and technology-related activities as permissible correspondent services for national banks and included these activities in the text of the regulation as examples of electronic activities that banks may offer as correspondent services. These examples included: (1) Providing computer networking packages and related hardware that meet the banking needs of financial institution customers;\60\ (2) processing bank, accounting, and financial data, such as check data, other bookkeeping tasks, and general assistance of correspondents' internal operating, bookkeeping, and data processing;\61\ (3) selling data processing software;\62\ (4) developing, operating, managing, and marketing products and processing services for transactions conducted at electronic terminal devices including, but not limited to, ATMs, POS terminals, scrip terminals, and similar devices;\63\ (5) item processing services and related software development;\64\ (6) document control and record keeping through the use of electronic imaging technology;\65\ (7) Internet merchant hosting services for resale to merchant customers;\66\ and (8) communication support services through electronic means, such as: (i) The provision of electronic ``gateways'' in order to communicate and receive financial information and to conduct transactions; (ii) creating, leasing, and licensing communications systems, computers, analytic software, and related equipment and services for sharing information concerning financial instruments and economic information and news; and (iii) the provision of electronic information and transaction services and linkage for financial settlement services.\67\
  
  \60\See OCC Interpretive Letter No. 754, supra note 20.
  
  \61\ See, e.g., Letter from Vernon E. Fasbender, Director for Analysis, Southeastern District (Dec. 6, 1990); OCC Interpretive Letter No. 345, reprinted in [1985-1987 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 85,515 (July 9, 1985); Letter from Joe H. Selby, Deputy Comptroller (Nov. 22, 1978).
  
  \62\See, e.g., OCC Interpretive Letter No. 868, reprinted in
  
  [Current Transfer Binder] Fed. Banking L. Rep. (CCH) para. 81-362 (Aug. 16, 1999).
  
  \63\See, e.g., OCC Interpretive Letter No. 890, reprinted in
  
  [1999-2000 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 81-409 (May 15, 2000).
  
  \64\See, e.g., Letter from Vernon E. Fasbender, Director for Analysis, Southeastern District (Dec. 6, 1990); and Letter from J.T. Watson, Deputy Comptroller of the Currency (Mar. 22, 1973).
  
  \65\See OCC Interpretive Letter No. 805, supra note 64.
  
  \66\See Corporate Decision No. 2000-08 (June 1, 2000); and OCC Interpretive Letter No. 875, supra note 6.
  
  \67\See OCC Interpretive Letter No. 611, supra note 6; OCC Interpretive Letter No. 516, supra note 6; and OCC Interpretive Letter No. 346, reprinted in [1985-1987 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 85,516 (July 31, 1985).
  
  Two commenters requested that the OCC add digital certification authority services to these examples of permissible correspondent activities. We agree that it is appropriate to add this activity to Sec. 7.5007 because we have previously approved it in interpretive letters.\68\ Accordingly, the final rule includes this activity as an additional example.
  
  \68\See OCC Conditional Approval No. 339 (Nov. 6, 1999).
  
  Two other commenters expressed concern that, as proposed, Sec. 7.5007 may give the impression that the OCC considers the list of permissible correspondent activities in the regulation to be exhaustive. As indicated above, this list is a codification of existing OCC interpretations and is not intended to be restrictive. To clarify this point, we have amended Sec. 7.5002 to specifically provide that these examples are only illustrative. We will continue to consider, on a case-by-case basis, the authorization of new electronic- and technology-related activities as correspondent services offered by national banks that may not be included in the examples provided in the regulation.
Location
1. Location of a National Bank Conducting Electronic Activities (Sec. 7.5008)
As the OCC noted in the preamble to the proposed rule, the effect of several statutes affecting national banks turns in part on where the bank in question is ``located.'' In addition, the scope of this term (or closely related statutory terms, such as ``situated'')--whether it refers only to the bank's main office, includes branches as well, or means something different--varies from statute to statute.\69\ Moreover, national banks often conduct a significant portion of their operations in locations that are distinct from their main office and branches.

\69\See, e.g., 12 U.S.C. 24 (Eighth) (charitable contributions); 12 U.S.C. 29 (authority to hold real estate); 12 U.S.C. 36 (branching); 12 U.S.C. 72 (director qualifications); 12 U.S.C. 92 (authority to act as insurance agent or broker); 12 U.S.C. 92a (trust powers); 12 U.S.C. 94 (venue); 12 U.S.C. 215 and 215a (bank consolidations and mergers); and 12 U.S.C. 548 (State taxation).

To remove any ambiguity on the scope of this term, the proposed rule provided that a national bank will not be considered located in a State solely because it physically maintains equipment or facilities that are necessary for the use of electronic technologies, such as a server or automated loan center, in that State, or because the bank's products or services are accessed through electronic means by customers located in the State. This interpretation of ``located'' is consistent with evolving case authority.\70\ Thus, for example, these factors would not result in a bank being considered to be

[[Page 35002]]

``located'' in a particular State for purposes of 12 U.S.C. 85.

\70\See, e.g., Amberson Holdings LLC v. Westside Story Newspaper, 110 F. Supp. 2d 332 (D.N.J. 2000).

Most of those who commented on this issue supported our proposal. One commenter asked that we amend this provision to state specifically that a product or service provided through electronic means shall be deemed to be offered and delivered from a single location. This suggestion raises broader issues that require additional analysis, which at this time we believe is best undertaken on a case-by-case basis rather than through this rulemaking.

Another commenter requested that we delete the word ``solely'' from the proposed provision in order to eliminate any inference that the location of a bank's technological equipment or customers may ever be considered in the determination of a bank's ``location.'' It is not our intent to remove these factors altogether from the determination of where a bank is located since the equipment may be connected to other relevant activities of the bank. Instead, the purpose of this provision is simply to make clear that these factors alone will not determine the bank's location in a State.

Accordingly, the OCC has adopted Sec. 7.5008 as proposed. 2. Location Under 12 U.S.C. 85 of National Banks Operating Exclusively Through the Internet (Sec. 7.5009)

Twelve U.S.C. 85 authorizes a national bank to charge interest in accordance with the laws of the State in which it is located. In interpreting section 85, the Supreme Court has held that a national bank is ``located'' in the State where it has its main office (its home State).\71\ Thus, a national bank may charge the interest rates permitted by its home State no matter where the borrower resides or what contacts with the bank occur in another State.

\71\See Marquette Nat. Bank v. First of Omaha Serv. Corp., 439 U.S. 299 (1978). The OCC also has determined that for purposes of section 85, under certain circumstances, an interstate national bank may be considered to be ``located'' in a state where it has a branch. In this situation, the bank may be required to impose interest rates in accordance with the law of the branch state. See OCC Interpretive Letter No. 822 (Feb. 17, 1998). A national bank that operates exclusively through the Internet and thus has no branches would not be affected by this interpretive letter.

The OCC has chartered several national banks without physical branches that make loans or extend credit exclusively through the Internet. The proposal provided that, for purposes of 12 U.S.C. 85, the main office of a national bank that operates exclusively through the Internet is the office identified by the bank under 12 U.S.C. 22 (Second) or as relocated pursuant to 12 U.S.C. 30 or other appropriate authority.

Many commenters supported this section as proposed. We therefore are adopting this section in the final rule, with one minor technical change. Because the OCC does not always use the term ``Internet-only'' in its guidance and interpretations, we have removed that term from the title of Sec. 7.5009.
Safety and Soundness

Shared Electronic Space (Sec. 7.5010)

In light of the increased ability of national banks to enter into joint marketing relationships with third-parties through the Internet, we proposed to extend the same general principles as set forth in 12 CFR 7.3001\72\ on shared physical space to situations where banks share co-branded web sites or other electronic space with subsidiaries, affiliates, or other third-parties. The proposed rule was in part based upon our recent guidance on weblinking arrangements,\73\ and was designed to reduce risk of customer confusion. To that end, the proposed rule would have required national banks to take reasonable steps to enable customers to distinguish between products and services offered by the bank and those offered by the third-party. The bank also would have been required to disclose its limited role with respect to the third-party product or service and to call attention to the fact that the bank does not provide, endorse, or guarantee any of the products or services available from the third-party.

\72\Under 12 CFR 7.3001, a national bank may lease space on bank premises to other businesses and share space jointly with other businesses subject to certain conditions. The conditions set forth in Sec. 7.3001(c) are intended to minimize customer confusion about the nature of the products offered and promote the safe and sound operation of the bank.

\73\See OCC Bulletin 2001-31 (``OCC Weblinking Bulletin'').

However, many commenters expressed concern that the proposed rule was excessively prescriptive and would unduly limit industry flexibility in responding to the risks of customer confusion regarding shared electronic space. These commenters suggested that a prescriptive rule was unnecessary at this time in light of the OCC Weblinking Bulletin and that the OCC should delay action on a rule until the agency has had more opportunity to evaluate the effectiveness and impact of the Bulletin.

We have decided to adopt a shared electronic space rule, but with significant changes to the proposed rule that are responsive to comments received. In our view, a general rule on shared electronic space is needed to address broader forms of shared electronic space that are becoming increasingly prevalent, but are not covered by the OCC Weblinking Bulletin. These forms include shared web sites and bank web pages that are embedded in third-party sites. The final rule on electronic shared space will provide guidance to the industry, promote greater awareness of relevant issues, and facilitate examiner efforts to supervise this activity.

However, we have decided not to promulgate at the present time the more specific portions of the proposed rule that would have required a national bank with shared electronic space to make specific disclosures of its limited role with respect to third-party products and to advise that the bank does not provide, endorse, or guarantee any of the products or services available through the shared electronic space. In light of concerns expressed by many commenters, we believe that it would be appropriate to gain more experience in this area before codifying detailed requirements.

The final rule requires that national banks sharing electronic space with a third-party must take reasonable steps to clearly, conspicuously, and understandably distinguish between products and services offered by the bank and those offered by the third-party. In determining whether a bank has taken reasonable steps to distinguish third-party products and services available through shared electronic space, we will consider a number of factors. Among other things, we will look at web page formatting (including visual cues to the consumer), text-based or audio narrative, and compliance with other product-specific regulatory disclosure requirements. Additionally, what constitutes ``reasonable steps'' will depend upon the specific product and context; some products and contexts may require more information to be disclosed than others. Finally, the OCC Weblinking Bulletin will provide helpful guidance regarding both linking arrangements and other non-linking forms of shared electronic space.

A number of holding company commenters were concerned about how the proposed rule would apply to holding company web sites that share a common name with the bank and have web pages for a subsidiary national bank embedded in the holding company site. These commenters suggested that the final rule should not cover situations where a subsidiary bank shares its holding company's web site. However, we have consistently applied Sec. 7.3001 to

[[Page 35003]]

physical space shared with affiliates. Moreover, in the physical non- electronic context, we have found that serious customer confusion potentially can arise when national banks sell holding company products and obligations, including commercial paper, on bank premises. Likewise, we are concerned that, if banks do not provide adequate disclosures in electronic space shared with affiliates, bank customers will become confused over the bank's responsibility for an affiliate's products and obligations sold through that shared space. For this reason, we have decided not to exclude affiliates from coverage by the final rule. However, the elimination of the more specific provisions of the proposed rule should largely ameliorate the concerns of the commenting holding companies.

Regulatory Flexibility Act

Pursuant to section 605(b) of the Regulatory Flexibility Act (RFA), 5 U.S.C. 605(b), the regulatory flexibility analysis described in section 603 of the RFA, 5 U.S.C. 603, is not required if the head of the agency certifies that the rule will not have a significant economic impact on a substantial number of small entities and the agency publishes such a certification and a statement explaining the factual basis for such certification in the Federal Register along with its final rule.

On the basis of the information currently available, the Comptroller of the Currency certifies that this final rule will not have a significant impact on a substantial number of small entities within the meaning of those terms as used in the RFA. The final regulation requires a national bank that shares a co-branded website or other electronic space with a bank subsidiary or a third-party to make certain disclosures designed to enable its customers to distinguish its products and services from those of the subsidiary or third-party. We believe it will be relatively inexpensive for a bank, either internally or through a servicer, to create and display the disclosures required by this regulation. Updating a website is a fixed cost for a bank, and is a practice that is done periodically. In addition, national banks are currently required to provide similar disclosures for leased space on bank premises and when sharing space jointly with other businesses. Therefore, the OCC does not believe that this requirement will have a significant impact on a substantial number of small entities. Accordingly, a regulatory flexibility analysis is not required.

Unfunded Mandates Reform Act of 1995

Section 202 of the Unfunded Mandates Reform Act of 1995, Pub. L. 104-4 (Unfunded Mandates Act) requires that an agency prepare a budgetary impact statement before promulgating a rule that includes a Federal mandate that may result in expenditure by State, local, and tribal governments, in the aggregate, or by the private sector, of $100 million or more in any one year. If a budgetary impact statement is required, section 205 of the Unfunded Mandates Act also requires an agency to identify and consider a reasonable number of regulatory alternatives before promulgating a rule.

The OCC has determined that the final rule will not result in expenditures by State, local, or tribal governments or by the private sector of $100 million or more. Accordingly, the OCC has not prepared a budgetary impact statement or specifically addressed the regulatory alternatives considered.

Executive Order 12866

The Comptroller of the Currency has determined that this rule does not constitute a ``significant regulatory action'' for the purposes of Executive Order 12866. Under the most conservative cost scenarios that the OCC can develop on the basis of available information, the annual effect on the economy of the final rule falls well short of the $100 million threshold established by the Executive Order.

Paperwork Reduction Act of 1995

The OCC may not conduct or sponsor, and a respondent is not required to respond to, an information collection unless it displays a currently valid Office of Management and Budget (OMB) control number. In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.), the information collection requirements contained in this rulemaking have been approved under OMB control number 1557-0225. The OCC sought comment on all aspects of the burden estimates for the information collection contained in the proposed rule (66 FR 34855, July 2, 2002). The OCC received no comments.

The information collection requirements are contained in Sec. 7.5010. This section requires a national bank that shares a co- branded website or other electronic space with a bank subsidiary or a third-party to make certain disclosures designed to enable its customers to distinguish its products and services from those of the subsidiary or third-party.

Estimated number of respondents: 1,609.

Estimated number of responses: 1,609.

Estimated burden hours per response: 1 hour.

Estimated total burden hours: 1,609 hours.

The OCC has a continuing interest in the public's opinion regarding collections of information. Members of the public may submit comments to Jessie Dunaway, OCC Clearance Officer, 250 E Street, SW, Attention: 1557-0225, Mailstop 8-4, Washington, DC 20219. Due to the temporary delay in mail delivery, you may prefer to send your comments by electronic mail to jessie.dunaway@occ.treas.gov, or by fax to (202) 874-4889.

Effective Date

The Riegle Community Development and Regulatory Improvement Act of 1994 requires that any new regulation that imposes ``additional reporting, disclosure, or other requirements on insured depository institutions shall take effect on the first day of a calendar quarter which begins on or after the date on which the regulations are published in final form,'' less certain exceptions apply.\74\ This rulemaking contains one section that imposes additional disclosure requirements on national banks. Section 7.5010 requires national banks that share electronic space, including a co-branded web site, with a bank subsidiary, affiliate, or another third-party to take reasonable steps to clearly, conspicuously, and understandably distinguish between products and services offered by the bank and those offered by the bank's subsidiary, affiliate, or the third-party. Accordingly, the requirement to delay the effective date until the first day of the next calendar quarter applies to Sec. 7.5010. The remaining sections of this final rule do not impose additional reporting, disclosure, or other requirements on insured depository institutions and therefore will become effective 30 days after publication, in accordance with 5 U.S.C. 553(d).

\74\Pub. L. 103-325, section 302(b) (Sept. 23, 1994).

List of Subjects in 12 CFR Part 7

Credit, Insurance, Investments, National banks, Reporting and recordkeeping requirements, Securities, Surety bonds.

Authority and Issuance

For reasons set forth in the preamble, the OCC amends part 7 of chapter I of

[[Page 35004]]

title 12 of the Code of Federal Regulations as follows:

PART 7--BANK ACTIVITIES AND OPERATIONS
1. The authority citation for part 7 continues to read as follows:
  
  Authority: 12 U.S.C. 1 et seq., 92, 92a, 93, 93a, 481, 484, 1818.
2. Section 7.1002 is revised to read as follows:
  
  Sec. 7.1002 National bank acting as finder.
  
  (a) General. It is part of the business of banking under 12 U.S.C. 24(Seventh) for a national bank to act as a finder, bringing together interested parties to a transaction.
  
  (b) Permissible finder activities. A national bank that acts as a finder may identify potential parties, make inquiries as to interest, introduce or arrange contacts or meetings of interested parties, act as an intermediary between interested parties, and otherwise bring parties together for a transaction that the parties themselves negotiate and consummate. The following list provides examples of permissible finder activities. This list is illustrative and not exclusive; the OCC may determine that other activities are permissible pursuant to a national bank's authority to act as a finder.
  
  (1) Communicating information about providers of products and services, and proposed offering prices and terms to potential markets for these products and services;
  
  (2) Communicating to the seller an offer to purchase or a request for information, including forwarding completed applications, application fees, and requests for information to third-party providers;
  
  (3) Arranging for third-party providers to offer reduced rates to those customers referred by the bank;
  
  (4) Providing administrative, clerical, and record keeping functions related to the bank's finder activity, including retaining copies of documents, instructing and assisting individuals in the completion of documents, scheduling sales calls on behalf of sellers, and conducting market research to identify potential new customers for retailers;
  
  (5) Conveying between interested parties expressions of interest, bids, offers, orders, and confirmations relating to a transaction;
  
  (6) Conveying other types of information between potential buyers, sellers, and other interested parties; and
  
  (7) Establishing rules of general applicability governing the use and operation of the finder service, including rules that:
  
  (i) Govern the submission of bids and offers by buyers, sellers, and other interested parties that use the finder service and the circumstances under which the finder service will pair bids and offers submitted by buyers, sellers, and other interested parties; and
  
  (ii) Govern the manner in which buyers, sellers, and other interested parties may bind themselves to the terms of a specific transaction.
  
  (c) Limitation. The authority to act as a finder does not enable a national bank to engage in brokerage activities that have not been found to be permissible for national banks.
  
  (d) Advertisement and fee. Unless otherwise prohibited by Federal law, a national bank may advertise the availability of, and accept a fee for, the services provided pursuant to this section.
3. Section 7.1019 is removed.
4. New subpart E is added to read as follows:
  
  Subpart E--Electronic Activities
  
  Sec. 7.5000 Scope. 7.5001 Electronic activities that are part of, or incidental to, the business of banking. 7.5002 Furnishing of products and services by electronic means and facilities. 7.5003 Composite authority to engage in electronic activities. 7.5004 Sale of excess electronic capacity and by-products. 7.5005 National bank acting as digital certification authority. 7.5006 Data processing. 7.5007 Correspondent services. 7.5008 Location of national bank conducting electronic activities. 7.5009 Location under 12 U.S.C. 85 of national banks operating exclusively through the Internet. 7.5010 Shared electronic space.
  
  Subpart E--Electronic Activities
  
  Sec. 7.5000 Scope.
  
  This subpart applies to a national bank's use of technology to deliver services and products consistent with safety and soundness.
  
  Sec. 7.5001 Electronic activities that are part of, or incidental to, the business of banking.
  
  (a) Purpose. This section identifies the criteria that the OCC uses to determine whether an electronic activity is authorized as part of, or incidental to, the business of banking under 12 U.S.C. 24 (Seventh) or other statutory authority.
  
  (b) Restrictions and conditions on electronic activities. The OCC may determine that activities are permissible under 12 U.S.C. 24 (Seventh) or other statutory authority only if they are subject to standards or conditions designed to provide that the activities function as intended and are conducted safely and soundly, in accordance with other applicable statutes, regulations, or supervisory policies.
  
  (c) Activities that are part of the business of banking. (1) An activity is authorized for national banks as part of the business of banking if the activity is described in 12 U.S.C. 24 (Seventh) or other statutory authority. In determining whether an electronic activity is part of the business of banking, the OCC considers the following factors:
  
  (i) Whether the activity is the functional equivalent to, or a logical outgrowth of, a recognized banking activity;
  
  (ii) Whether the activity strengthens the bank by benefiting its customers or its business;
  
  (iii) Whether the activity involves risks similar in nature to those already assumed by banks; and
  
  (iv) Whether the activity is authorized for state-chartered banks.
  
  (2) The weight accorded each factor set out in paragraph (c)(1) of this section depends on the facts and circumstances of each case.
  
  (d) Activities that are incidental to the business of banking. (1) An electronic banking activity is authorized for a national bank as incidental to the business of banking if it is convenient or useful to an activity that is specifically authorized for national banks or to an activity that is otherwise part of the business of banking. In determining whether an activity is convenient or useful to such activities, the OCC considers the following factors:
  
  (i) Whether the activity facilitates the production or delivery of a bank's products or services, enhances the bank's ability to sell or market its products or services, or improves the effectiveness or efficiency of the bank's operations, in light of risks presented, innovations, strategies, techniques and new technologies for producing and delivering financial products and services; and
  
  (ii) Whether the activity enables the bank to use capacity acquired for its banking operations or otherwise avoid economic loss or waste.
  
  (2) The weight accorded each factor set out in paragraph (d)(1) of this section depends on the facts and circumstances of each case.
  
  Sec. 7.5002 Furnishing of products and services by electronic means and facilities.
  
  (a) Use of electronic means and facilities. A national bank may perform, provide, or deliver through electronic
  
  [[Page 35005]]
  
  means and facilities any activity, function, product, or service that it is otherwise authorized to perform, provide, or deliver, subject to Sec. 7.5001(b) and applicable OCC guidance. The following list provides examples of permissible activities under this authority. This list is illustrative and not exclusive; the OCC may determine that other activities are permissible pursuant to this authority.
  
  (1) Acting as an electronic finder by:
  
  (i) Establishing, registering, and hosting commercially enabled web sites in the name of sellers;
  
  (ii) Establishing hyperlinks between the bank's site and a third- party site, including acting as a ``virtual mall'' by providing a collection of links to web sites of third-party vendors, organized by- product type and made available to bank customers;
  
  (iii) Hosting an electronic marketplace on the bank's Internet web site by providing links to the web sites of third-party buyers or sellers through the use of hypertext or other similar means;
  
  (iv) Hosting on the bank's servers the Internet web site of:
  
  (A) A buyer or seller that provides information concerning the hosted party and the products or services offered or sought and allows the submission of interest, bids, offers, orders and confirmations relating to such products or services; or
  
  (B) A governmental entity that provides information concerning the services or benefits made available by the governmental entity, assists persons in completing applications to receive such services or benefits and permits persons to transmit their applications for such services or benefits;
  
  (v) Operating an Internet web site that permits numerous buyers and sellers to exchange information concerning the products and services that they are willing to purchase or sell, locate potential counter- parties for transactions, aggregate orders for goods or services with those made by other parties, and enter into transactions between themselves;
  
  (vi) Operating a telephone call center that provides permissible finder services; and
  
  (vii) Providing electronic communications services relating to all aspects of transactions between buyers and sellers;
  
  (2) Providing electronic bill presentment services;
  
  (3) Offering electronic stored value systems; and
  
  (4) Safekeeping for personal information or valuable confidential trade or business information, such as encryption keys.
  
  (b) Applicability of guidance and requirements not affected. When a national bank performs, provides, or delivers through electronic means and facilities an activity, function, product, or service that it is otherwise authorized to perform, provide, or deliver, the electronic activity is not exempt from the regulatory requirements and supervisory guidance that the OCC would apply if the activity were conducted by non-electronic means or facilities.
  
  (c) State laws. As a general rule, and except as provided by Federal law, State law is not applicable to a national bank's conduct of an authorized activity through electronic means or facilities if the State law, as applied to the activity, would be preempted pursuant to traditional principles of Federal preemption derived from the Supremacy Clause of the U.S. Constitution and applicable judicial precedent. Accordingly, State laws that stand as an obstacle to the ability of national banks to exercise uniformly their Federally authorized powers through electronic means or facilities, are not applicable to national banks.
  
  Sec. 7.5003 Composite authority to engage in electronic activities.
  
  Unless otherwise prohibited by Federal law, a national bank may engage in an electronic activity that is comprised of several component activities if each of the component activities is itself part of or incidental to the business of banking or is otherwise permissible under Federal law.
  
  Sec. 7.5004 Sale of excess electronic capacity and by-products.
  
  (a) A national bank may, in order to optimize the use of the bank's resources or avoid economic loss or waste, market and sell to third parties electronic capacities legitimately acquired or developed by the bank for its banking business.
  
  (b) With respect to acquired equipment or facilities, legitimate excess electronic capacity that may be sold to others can arise in a variety of situations, including the following:
  
  (1) Due to the characteristics of the desired equipment or facilities available in the market, the capacity of the most practical optimal equipment or facilities available to meet the bank's requirements exceeds its present needs;
  
  (2) The acquisition and retention of additional capacity, beyond present needs, reasonably may be necessary for planned future expansion or to meet the expected future banking needs during the useful life of the equipment;
  
  (3) Requirements for capacity fluctuate because a bank engages in batch processing of banking transactions or because a bank must have capacity to meet peak period demand with the result that the bank has periods when its capacity is underutilized; and
  
  (4) After the initial acquisition of capacity thought to be fully needed for banking operations, the bank experiences either a decline in level of the banking operations or an increase in the efficiency of the banking operations using that capacity.
  
  (c) Types of electronic capacity in equipment or facilities that banks may have legitimately acquired and that may be sold to third parties if excess to the bank's needs for banking purposes include:
  
  (1) Data processing services;
  
  (2) Production and distribution of non-financial software;
  
  (3) Providing periodic back-up call answering services;
  
  (4) Providing full Internet access;
  
  (5) Providing electronic security system support services;
  
  (6) Providing long line communications services; and
  
  (7) Electronic imaging and storage.
  
  (d) A national bank may sell to third parties electronic by- products legitimately acquired or developed by the bank for its banking business. Examples of electronic by-products that banks may have legitimately acquired that may be sold to third parties if excess to the bank's needs include:
  
  (1) Software acquired (not merely licensed) or developed by the bank for banking purposes or to support its banking business; and
  
  (2) Electronic databases, records, or media (such as electronic images) developed by the bank for or during the performance of its permissible data processing activities.
  
  Sec. 7.5005 National bank acting as digital certification authority.
  
  (a) It is part of the business of banking under 12 U.S.C. 24(Seventh) for a national bank to act as a certificate authority and to issue digital certificates verifying the identity of persons associated with a particular public/private key pair. As part of this service, the bank may also maintain a listing or repository of public keys.
  
  (b) A national bank may issue digital certificates verifying attributes in addition to identity of persons associated with a particular public/private key pair where the attribute is one for which verification is part of or incidental to the business of banking. For example, national banks may issue digital certificates verifying certain
  
  [[Page 35006]]
  
  financial attributes of a customer as of the current or a previous date, such as account balance as of a particular date, lines of credit as of a particular date, past financial performance of the customer, and verification of customer relationship with the bank as of a particular date.
  
  (c) When a national bank issues a digital certificate relating to financial capacity under this section, the bank shall include in that certificate an express disclaimer stating that the bank does not thereby promise or represent that funds will be available or will be advanced for any particular transaction.
  
  Sec. 7.5006 Data processing.
  
  (a) Eligible activities. It is part of the business of banking under 12 U.S.C. 24(Seventh) for a national bank to provide data processing, and data transmission services, facilities (including equipment, technology, and personnel), data bases, advice and access to such services, facilities, data bases and advice, for itself and for others, where the data is banking, financial, or economic data, and other types of data if the derivative or resultant product is banking, financial, or economic data. For this purpose, economic data includes anything of value in banking and financial decisions.
  
  (b) Other data. A national bank also may perform the activities described in paragraph (a) of this section for itself and others with respect to additional types of data to the extent convenient or useful to provide the data processing services described in paragraph (a), including where reasonably necessary to conduct those activities on a competitive basis. The total revenue attributable to the bank's data processing activities under this section must be derived predominantly from processing the activities described in paragraph (a) of this section.
  
  Sec. 7.5007 Correspondent services.
  
  It is part of the business of banking for a national bank to offer as a correspondent service to any of its affiliates or to other financial institutions any service it may perform for itself. The following list provides examples of electronic activities that banks may offer correspondents under this authority. This list is illustrative and not exclusive; the OCC may determine that other activities are permissible pursuant to this authority.
  
  (a) The provision of computer networking packages and related hardware;
  
  (b) Data processing services;
  
  (c) The sale of software that performs data processing functions;
  
  (d) The development, operation, management, and marketing of products and processing services for transactions conducted at electronic terminal devices;
  
  (e) Item processing services and related software;
  
  (f) Document control and record keeping through the use of electronic imaging technology;
  
  (g) The provision of Internet merchant hosting services for resale to merchant customers; (h) The provision of communication support services through electronic means; and
  
  (i) Digital certification authority services.
  
  Sec. 7.5008 Location of a national bank conducting electronic activities.
  
  A national bank shall not be considered located in a State solely because it physically maintains technology, such as a server or automated loan center, in that state, or because the bank's products or services are accessed through electronic means by customers located in the state.
  
  Sec. 7.5009 Location under 12 U.S.C. 85 of national banks operating exclusively through the Internet.
  
  For purposes of 12 U.S.C. 85, the main office of a national bank that operates exclusively through the Internet is the office identified by the bank under 12 U.S.C. 22(Second) or as relocated under 12 U.S.C. 30 or other appropriate authority.
  
  Sec. 7.5010 Shared electronic space.
  
  National banks that share electronic space, including a co-branded web site, with a bank subsidiary, affiliate, or another third-party must take reasonable steps to clearly, conspicuously, and understandably distinguish between products and services offered by the bank and those offered by the bank's subsidiary, affiliate, or the third-party.
  
  Dated: May 8, 2002. John D. Hawke, Jr., Comptroller of the Currency.
  
  [FR Doc. 02-12333Filed5-16-02; 8:45 am]
  
  BILLING CODE 4810-33-P

Subscribers can access the reported version of this case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the cited cases and legislation of a document.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the documents that have cited the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the revised versions of legislation with amendments.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see any amendments made to the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a visualisation of a case and its relationships to other cases. An alternative to lists of cases, the Precedent Map makes it easier to establish which ones may be of most relevance to your research and prioritise further reading. You also get a useful overview of how the case was received.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the list of results connected to your document through the topics and citations Vincent found.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Bank activities and operations: Electronic banking,

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users