Corporate Credit Unions
| Published date | 27 March 2020 |
| Record Number | 2020-03837 |
| Section | Proposed rules |
| Court | National Credit Union Administration |
Federal Register, Volume 85 Issue 60 (Friday, March 27, 2020)
[Federal Register Volume 85, Number 60 (Friday, March 27, 2020)]
[Proposed Rules]
[Pages 17288-17299]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-03837]
========================================================================
Proposed Rules
Federal Register
________________________________________________________________________
This section of the FEDERAL REGISTER contains notices to the public of
the proposed issuance of rules and regulations. The purpose of these
notices is to give interested persons an opportunity to participate in
the rule making prior to the adoption of the final rules.
========================================================================
Federal Register / Vol. 85, No. 60 / Friday, March 27, 2020 /
Proposed Rules
[[Page 17288]]
NATIONAL CREDIT UNION ADMINISTRATION
12 CFR Part 704
RIN 3133-AF13
Corporate Credit Unions
AGENCY: National Credit Union Administration (NCUA).
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: The NCUA Board (Board) is seeking comment on a proposed rule
that would amend the NCUA's corporate credit union regulation. The
proposed rule would update, clarify, and simplify several provisions of
the NCUA's corporate credit union regulation, including: Permitting a
corporate credit union to make a minimal investment in a credit union
service organization (CUSO) without the CUSO being classified as a
corporate CUSO under the NCUA's rules; expanding the categories of
senior staff positions at member credit unions eligible to serve on a
corporate credit union's board; amending the minimum experience and
independence requirement for a corporate credit union's enterprise risk
management expert; and requiring a corporate credit union to deduct
certain investments in subordinated debt instruments issued by natural
person credit unions.
DATES: Comments must be received by May 26, 2020.
ADDRESSES: You may submit written comments, identified by RIN 3133-
AF13, by any of the following methods (Please send comments by one
method only):
Federal eRulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments.
Fax: (703) 518-6319. Include ``[Your Name]--Comments on
Proposed Rule: Corporate Credit Unions'' in the transmittal.
Mail: Address to Gerard Poliquin, Secretary of the Board,
National Credit Union Administration, 1775 Duke Street, Alexandria,
Virginia 22314-3428.
Hand Delivery/Courier: Same as mail address.
Public Inspection: You may view all public comments on the Federal
eRulemaking Portal at http://www.regulations.gov as submitted, except
for those we cannot post for technical reasons. The NCUA will not edit
or remove any identifying or contact information from the public
comments submitted. You may inspect paper copies of comments in the
NCUA's law library at 1775 Duke Street, Alexandria, Virginia 22314, by
appointment weekdays between 9:00 a.m. and 3:00 p.m. To make an
appointment, call (703) 518-6546, or send an email to [email protected].
FOR FURTHER INFORMATION CONTACT: Policy and Analysis: Robert Dean,
National Supervision Analyst, Office of National Examinations and
Supervision, (703) 518-6652; Legal: Rachel Ackmann, Senior Staff
Attorney, Office of General Counsel, (703) 548-2601; or by mail at
National Credit Union Administration, 1775 Duke Street, Alexandria, VA
22314.
SUPPLEMENTARY INFORMATION:
I. Introduction
a. Legal Authority and Background
The Board is issuing this rule pursuant to its authority under the
Federal Credit Union Act (FCU Act).\1\ Under the FCU Act, the NCUA is
the chartering and supervisory authority for Federal credit unions
(FCUs) and the federal supervisory authority for federally insured
credit unions (FICUs). The FCU Act grants the NCUA a broad mandate to
issue regulations governing both FCUs and FICUs. Section 120 of the FCU
Act is a general grant of regulatory authority and authorizes the Board
to prescribe regulations for the administration of the FCU Act.\2\
Section 209 of the FCU Act is a plenary grant of regulatory authority
to the NCUA to issue regulations necessary or appropriate to carry out
its role as share insurer for all FICUs.\3\ The FCU Act also includes
an express grant of authority for the Board to subject federally
chartered central, or corporate, credit unions to such rules,
regulations, and orders as the Board deems appropriate.\4\
---------------------------------------------------------------------------
\1\ 12 U.S.C. 1751 et seq.
\2\ 12 U.S.C. 1766(a).
\3\ 12 U.S.C. 1789.
\4\ 12 U.S.C. 1766(a).
---------------------------------------------------------------------------
Part 704 of the NCUA's regulations implements the requirements of
the FCU Act regarding corporate credit unions.\5\ In 2010, the Board
comprehensively revised the regulations governing corporate credit
unions to provide longer-term structural enhancements to the corporate
system in response to the financial crisis of 2007-2009.\6\ The
provisions of the 2010 rule successfully stabilized the corporate
system and improved corporate credit unions' ability to function and
provide services to natural person credit unions. Since 2010, and as
part of the Board's continuous reevaluation of its regulation of
corporate credit unions, the Board has amended part 704 on several
occasions.\7\ Part 704 was last amended in 2017, when the Board amended
corporate credit union capital standards to change the calculation of
capital after a consolidation and to set a retained earnings ratio
target in meeting prompt corrective action (commonly referred to as
PCA) standards.\8\
---------------------------------------------------------------------------
\5\ 12 CFR part 704.
\6\ 75 FR 64786 (Oct. 20, 2010).
\7\ See e.g., 80 FR 25932 (May 6, 2015), 80 FR 57283 (Sept. 23,
2015), and 82 FR 55497 (Nov. 22, 2017).
\8\ 82 FR 55497 (Nov. 22, 2017).
---------------------------------------------------------------------------
b. Regulatory Review
The NCUA reviews all of its existing regulations every three years.
The NCUA's Office of General Counsel maintains a rolling review
schedule that identifies one-third of its existing regulations for
review each year and provides notice to the public of those regulations
under review so the public may have an opportunity to comment. Part 704
was part of the Office of General Counsel's 2019 annual regulatory
review.\9\ The Board received several comments on updating part 704 as
part of the 2019 annual regulatory review.
---------------------------------------------------------------------------
\9\ See, https://www.ncua.gov/regulation-supervision/rules-regulations/regulatory-review.
---------------------------------------------------------------------------
II. Proposed Rule
The Board proposes to update, clarify, and simplify several
provisions of part 704. Specifically, the proposed rule would: (1)
Permit a corporate credit union to make a minimal investment in a CUSO
without the CUSO being
[[Page 17289]]
classified as a corporate CUSO and subject to heightened NCUA
oversight; (2) expand the categories of senior staff positions at
member credit unions eligible to serve on a corporate credit union's
board; (3) remove the experience and independence requirement for a
corporate credit union's enterprise risk management expert; (4) clarify
the treatment of an investment in a subordinated debt instrument of a
natural person credit union; (5) codify the current list of permissible
activities for a corporate CUSO; (6) clarify the definition of a
collateralized debt obligation; and (7) simplify the requirement for
net interest income modeling. Each proposed change is discussed in
detail below.
A. Minimal Investment in Natural Person CUSOs
Part 704 includes specific regulations for a corporate credit
union's investment and lending activity and permits a corporate credit
union to invest in and lend to a corporate CUSO. A corporate CUSO is
defined as an entity that is at least partly owned by a corporate
credit union; primarily serves credit unions; restricts its services to
those related to the normal course of business of credit unions; \10\
and is structured as a corporation, limited liability company, or
limited partnership under state law.\11\
---------------------------------------------------------------------------
\10\ See, 12 CFR 704.11(e).
\11\ 12 CFR 704.11(a).
---------------------------------------------------------------------------
Similar to natural person credit union service organizations (NP
CUSOs), the Board cannot regulate corporate CUSOs directly, but it can,
for safety and soundness reasons, regulate the types of investments
that corporate credit unions make and whether a corporate credit union
may invest in a CUSO. Part 704 includes several prudential requirements
to ensure corporate credit union investment in and lending to corporate
CUSOs is safe and sound. For example, part 704 regulates aggregate
corporate credit union investment in and lending to corporate CUSOs.
Part 704 also includes customer base requirements, permissible
activities, accounting and audit standards, and requires NCUA access to
corporate CUSO facilities, books, and records. In general, many of the
prudential standards for corporate CUSOs are more restrictive than the
standards for NP CUSOs.\12\ The Board has historically imposed more
restrictive standards for corporate CUSOs as they may serve hundreds or
even thousands of natural person credit unions and pose unique systemic
risk.\13\ Additionally, core functions of corporate credit unions that
pose systemic risk could be moved to corporate CUSOs. The Board has
expressed concern that the movement of these core functions to entities
that are not directly regulated by the NCUA could increase the systemic
risk associated with corporate CUSOs, and the Board wants to ensure it
has a degree of oversight and control of these activities.\14\
---------------------------------------------------------------------------
\12\ For example, the permissible activities for a corporate
CUSO are more limited than the permissible activities for a NP CUSO.
A corporate CUSO may seek Board permission to engage in additional
activities, but the process can be burdensome. In addition,
corporate CUSOs are also subject to more rigorous NCUA oversight. A
corporate CUSO must agree to give the NCUA complete access to its
personnel, facilities, equipment, books, records, and other
documentation that the NCUA deems pertinent. In contrast, NP CUSOs
must provide the NCUA with complete access to its books and records
and the ability to review its internal controls, as deemed necessary
by the NCUA. Finally, corporate CUSOs must provide quarterly
financial statements to the corporate credit union. In contrast, NP
CUSOs must prepare quarterly financial statements, but do not have
to provide the statements to FCUs.
\13\ 74 FR 65210 (Dec. 9, 2009).
\14\ Id.
---------------------------------------------------------------------------
As stated above, a corporate CUSO is defined as an entity that is
at least partly owned by a corporate credit union; primarily serves
credit unions; restricts its services to those related to the normal
course of business of credit unions; and is structured as a
corporation, limited liability company, or limited partnership under
state law.\15\ The definition is broad and includes no exception for de
minimus, non-controlling equity investments. Accordingly, any corporate
credit union equity interest in a CUSO, regardless of how small a share
of the CUSO the corporate credit union owns, is sufficient to designate
the CUSO as a corporate CUSO and subject it to additional requirements
under part 704.
---------------------------------------------------------------------------
\15\ 12 CFR 704.11(a).
---------------------------------------------------------------------------
The proposed rule would amend the definition of corporate CUSO so
that a corporate credit union could make a de minimus, non-controlling
investment in a NP CUSO without the CUSO being deemed a corporate CUSO.
The Board has reconsidered its position that any corporate credit union
investment in a CUSO must be subject to enhanced standards under part
704. The Board believes that a corporate credit union's non-controlling
investment would not pose the same systemic risks to the credit union
system as a controlling investment. It is unlikely that a corporate
credit union would move its essential functions into a non-controlled
CUSO.
The Board has also considered the benefits of permitting corporate
credit unions to make de minimus, non-controlling investments in NP
CUSOs. Compared to corporate CUSOs, NP CUSOs are permitted to engage in
a broader range of permissible activities and services. Consequently,
NP CUSOs are often a source of collaboration and innovation among FICUs
that may result in the origination of new products and services. To
compete effectively in today's technology-based financial service
market, FICUs may need to rely increasingly on pooling their resources
to fund CUSOs and to build the necessary infrastructure. The costs for
research and development, acquisition, implementation, and specialized
staff capable of managing these new technologies may be prohibitive for
all but a very few of the largest FICUs. CUSOs may provide the means
for FICUs to collectively address these challenges and may enable FICUs
to collaboratively develop technologies that better serve their
members.
Without the opportunity to invest in NP CUSOs, a corporate credit
union may be restricted in its ability to participate in this process.
The Board believes that by expanding corporate credit union investment
authorities, while still maintaining necessary safeguards, corporate
credit unions will be in a better position to participate in the
development of new products and services. NP CUSOs would also benefit
from a larger pool of potential investors, which may enable further
research and development during this period of rapid technological
growth.
In addition to amending the definition of corporate CUSO to permit
de minimus, non-controlling investments in NP CUSOs, the proposed rule
would also make several conforming amendments to part 704. The specific
details of the proposed amendments are discussed below.
Sec. 704.2 Definitions
Consolidated credit union service organization. Generally,
consolidated CUSOs are those majority-owned by a corporate credit
union. The proposed rule would amend the definition of consolidated
CUSO to use the newly defined term ``CUSO'' for clarity. Under the
proposed rule, a consolidated CUSO would mean any CUSO the assets of
which are consolidated with those of the corporate credit union for
purposes of reporting under Generally Accepted Accounting Principles
(GAAP).
Corporate CUSO. As discussed above, the proposed rule would amend
the definition of a corporate CUSO. Under the proposed rule, a CUSO
would be designated as a corporate CUSO only if one or more corporate
credit unions
[[Page 17290]]
have a controlling interest. A corporate credit union would be
considered to have a controlling interest if: (1) The CUSO is
consolidated on a corporate credit union's balance sheet; (2) a
corporate credit union has the power, directly or indirectly, to direct
the CUSO's management or policies; or (3) a corporate credit union owns
25 percent or more of the CUSO's contributed equity, stock, or
membership interests.\16\ A CUSO would also be designated as a
corporate CUSO if the aggregate corporate credit union ownership of all
corporates investing in the CUSO meets or exceeds 50 percent of the
CUSO's contributed equity, stock, or membership interests. The Board is
concerned that if several corporate credit unions have a majority
ownership interest in a CUSO, the CUSO could present the same risk to
the credit union system as a CUSO that is controlled by one corporate
credit union. If any of these four conditions are met, then the CUSO
would meet the definition of a corporate CUSO and be subject to
additional requirements under part 704. The definition of corporate
CUSO would also be moved to Sec. 704.2 for consistency with the
location of other definitions in part 704.
---------------------------------------------------------------------------
\16\ The proposed definition is related to the definition of
control in the Federal Deposit Insurance Act for notices filed under
the Change in Bank Control Act. 12 U.S.C. 1817(j).
---------------------------------------------------------------------------
Credit Union Service Organization (CUSO). The proposed rule would
define the term CUSO for purposes of part 704. Under the proposed rule,
a CUSO would mean both a NP CUSO under part 712 and a corporate CUSO
under part 704.11. The proposed definition makes it clear that the term
CUSO applies to both NP CUSOs and corporate CUSOs unless otherwise
stated. For example, when calculating tier 1 capital under part 704, a
corporate credit union must deduct, in part, investments in any
``unconsolidated CUSO.'' By using the term ``CUSO,'' instead of the
defined terms ``corporate CUSO'' and ``consolidated CUSO,'' the
proposed rule should be clear that a corporate credit union must deduct
unconsolidated investments in both a NP CUSO and a corporate CUSO.
Sec. Sec. 704.5 Investments, 704.6 Credit Risk Management, and 704.7
Lending
The proposed rule would remove references to corporate CUSOs and
instead refer to the general term CUSO because those provisions would
continue to apply to a corporate credit union investing in and lending
to both NP CUSOs and corporate CUSOs, as explained in detail below in
the discussion of the proposed changes to Sec. 704.11.
Sec. 704.11 Credit Union Service Organizations (CUSOs)
Under the proposed rule, Sec. 704.11 would be reorganized for
clarity, however, the substantive requirements for corporate CUSOs
would not be amended. The intent of the reorganization is to be clear
that certain requirements apply to a corporate credit union's
investment in or lending to both NP CUSOs and corporate CUSOs, certain
requirements apply only to NP CUSOs, and other requirements apply only
to corporate CUSOs.
The proposed rule sets forth the requirements for all corporate
credit union investments in or lending to CUSOs. The proposed rule, in
Sec. 704.11(a), states that the aggregate investment and lending
limits apply regardless of whether a corporate credit union's
investment or loan is to a NP CUSO or a corporate CUSO. The proposed
rule does not amend the current aggregate limitations on investments
and lending.\17\ A corporate credit union that has already invested in
or loaned the maximum permitted under the current rule would not be
authorized to invest or lend any additional money. Instead, such a
corporate credit union would have to reallocate its investments or
loans if it seeks to make any new investments that are prohibited.
---------------------------------------------------------------------------
\17\ 12 CFR 704.11(b). In general, the aggregate of all
investments in corporate CUSOs that a corporate credit union may
make must not exceed 15 percent of a corporate credit union's total
capital. The aggregate of all investments in and loans to corporate
CUSOs that a corporate credit union may make must not exceed 30
percent of a corporate credit union's total capital. A corporate
credit union may lend to corporate CUSOs an additional 15 percent of
total capital if the loan is collateralized by assets in which the
corporate has a perfected security interest under state law.
---------------------------------------------------------------------------
In Sec. 704.11(b), the proposed rule states that all corporate
credit union loans to CUSOs are subject to due diligence
requirements.\18\ The proposed rule, as does the current rule, would
require corporate credit unions to comply with certain due diligence
requirements from the NCUA's member business loans rule before making a
loan to a CUSO. Under the proposed rule, corporate credit unions would
be subject to the commercial loan policy and due diligence requirements
in the NCUA's member business loans rule \19\ for lending to both NP
CUSOs and corporate CUSOs. The board-approved policy must ensure
corporate credit union lending activities are performed in a safe and
sound manner by providing for ongoing control, measurement, and
management of CUSO lending. The policy should also include
qualifications and experience requirements for personnel involved in
underwriting, processing, approving, administering, and collecting
loans to CUSOs. The corporate credit union must also have a loan
approval process, underwriting standards and risk management processes
commensurate with the size, scope and complexity of its CUSO lending.
The Board believes these due diligence requirements are the minimum
requirements necessary to ensure that corporate credit unions are
engaging in safe and sound lending practices. The requirements should
not place a new burden on corporate credit unions because any corporate
credit union that is currently making a loan to a corporate CUSO should
be following these basic safety and soundness principles.
---------------------------------------------------------------------------
\18\ 12 CFR 704.11(c). The current rule includes a cross-
reference to due diligence requirements in the member business loan
rule. The member business loan rule, however, was updated in 2015
and the cross-referenced requirements have been removed.
Accordingly, the proposed rule would update the cross references to
reflect the revised member business loan rule.
\19\ 12 CFR 723.4.
---------------------------------------------------------------------------
In Sec. 704.11(c), the proposed rule would set forth the
regulations governing corporate credit union investment in and lending
to NP CUSOs. The proposed rule would state that corporate credit union
investment in and lending to NP CUSOs are generally subject to part 712
of this chapter. The intent of this section is to be clear that a CUSO
is either governed under part 704 as a corporate CUSO, as discussed
below, or subject to part 712 as a NP CUSO. A corporate credit union
investment in a CUSO of a state-chartered natural person credit union
would also be subject to the requirements in part 712.
In Sec. 704.11(d), the proposed rule, like the current rule, would
include safety and soundness requirements for corporate credit union
investments in and loans to corporate CUSOs. In general, the proposed
rule does not make any substantive changes to the existing prudential
requirements. The requirements have been reorganized for clarity and as
part of the general restructuring of Sec. 704.11, but are not
otherwise substantively amended.\20\
---------------------------------------------------------------------------
\20\ The proposed rule would include a few non-substantive
language changes that are only intended to streamline the provision
and enhance clarity.
---------------------------------------------------------------------------
Finally, in Sec. 704.11(e), the proposed rule would include one
new prudential requirement for corporate credit union investments in
and loans to corporate CUSOs. The proposed rule states that
[[Page 17291]]
any subsidiary of a corporate CUSO would be automatically designated a
corporate CUSO. The proposed rule also would provide that all tiers or
levels of a corporate CUSO's structure are subject to the requirements
for corporate CUSOs. The Board believes this level of oversight is
necessary for all tiers of a corporate CUSO because corporate CUSOs
affect not only the health of the investing corporate credit union, but
also the health of the credit union system as a whole. Many corporate
CUSOs serve natural person credit unions directly. As stated
previously, the Board has historically been concerned that some
activities might migrate from corporate credit unions to CUSOs and
their subsidiaries, and the Board needs to ensure each layer in the
corporate structure is subject to certain minimal prudential
requirements.
Sec. 704.19 Disclosure of Executive Compensation
Section 704.19 currently requires that each corporate credit union
annually prepare and maintain a document that discloses the
compensation of certain employees, including compensation received from
a corporate CUSO.\21\ The proposal would amend Sec. 704.19 to require
that employee compensation from either a NP CUSO or a corporate CUSO
must be reported. The Board notes that under the current rule to
facilitate this disclosure, Sec. 704.11(g) requires a corporate CUSO
to disclose compensation paid to any employees that are also employees
of a corporate credit union lending to, or investing in, the CUSO. This
provision places the burden of disclosure on the corporate CUSO. The
proposed rule, however, would not include a similar requirement for NP
CUSOs.\22\ Accordingly, the dual employee would be required to disclose
his or her compensation from the NP CUSO for the corporate credit union
to make the required disclosure.
---------------------------------------------------------------------------
\21\ 12 CFR 704.19(a).
\22\ The Board notes, however, that part 712 prohibits officials
and senior management employees, and their immediate family members
of an FCU with an outstanding loan or investment from receiving any
salary, commission, investment income, or other income or
compensation from the CUSO, either directly or directly. 12 CFR
712.8.
---------------------------------------------------------------------------
B. Corporate Credit Union Board Representation
Section 704.14 currently requires that at least a majority of a
corporate credit union's board members must serve on the corporate
credit union's board as a representative of a member credit union.\23\
In addition, any candidate for a position on the board of a corporate
credit union must hold a senior management position at a member credit
union and hold that position at the time he or she is seated on the
board of a corporate credit union. Currently, only an individual who
holds the position of chief executive officer, chief financial officer,
chief operating officer, or treasurer/manager at a member credit union,
and will hold that position at the time he or she is seated on the
corporate credit union board if elected, may seek election or re-
election to the corporate credit union board.
---------------------------------------------------------------------------
\23\ 12 CFR 704.14.
---------------------------------------------------------------------------
The proposed rule would expand the credit union officials eligible
to serve on a corporate credit union board. The proposed rule would no
longer expressly limit the corporate credit union board to the above
stated positions and instead would include any person in a senior staff
position at a member credit union. The proposed rule would then list
the current positions as examples of senior staff positions that are
eligible to serve on a corporate credit union board. The proposed rule
also would include two new positions, chief information officer and
chief risk officer, in the list of examples of senior staff positions
eligible to serve on a corporate credit union board.
The Board believes that officials who hold a senior management
position at a member credit union are qualified individuals who could
offer expertise as a corporate credit union board member. Not only
would the corporate credit union members have more flexibility in
choosing board members, but expanding eligible senior staff positions,
such as chief information officer and chief risk officer, would widen
the range of expertise on corporate credit union boards.
C. Enterprise Risk Management
Section 704.21 requires corporate credit unions to develop and
follow an enterprise risk management policy.\24\ A corporate credit
union must also establish an enterprise risk management committee
(ERMC) and include an independent risk management expert on the
committee. The Board adopted these requirements in 2011 due to concerns
that corporate credit unions were not adequately focused on the
aggregation of exposures across entire institutions, even though the
Board believed that corporate credit unions were adequately focused on
individual risk exposures.\25\
---------------------------------------------------------------------------
\24\ 12 CFR 704.21.
\25\ 76 FR 23861 (Apr. 29, 2011) and 80 FR 25932 (May 6, 2015).
---------------------------------------------------------------------------
The current rule includes several specific requirements regarding
the independent risk management expert on the committee. The risk
management expert must have at least five years of experience in
identifying, assessing, and managing risk exposures.\26\ This
experience must be commensurate with the size of the corporate credit
union and the complexity of its operations. In addition, the current
rule provides what constitutes independence. A risk management expert
qualifies as independent if: (1) The expert reports to the ERMC and to
the corporate credit union's board of directors; (2) neither the
expert, nor any immediate family member of the expert, is supervised by
or has any material business or professional relationship with the
chief executive officer (CEO) of the corporate credit union, or anyone
directly or indirectly supervised by the CEO; and (3) neither the
expert, nor any immediate family member of the expert, has had any of
the previously described relationships for at least the past three
years.\27\ The Board specifically included experience and independence
requirements to ensure the enterprise risk management expert is
adequately qualified and not influenced by the operational side of the
corporate credit union.\28\
---------------------------------------------------------------------------
\26\ 12 CFR 704.21(c).
\27\ 12 CFR 704.21(d).
\28\ 76 FR 23861 (Apr. 29, 2011).
---------------------------------------------------------------------------
The Board, however, no longer believes that it is necessary for
prescriptive experience requirements and for the risk management expert
to be independent of the corporate credit union. The Board believes the
corporate credit union should have more discretion in choosing an
adequate risk management expert. The Board does not believe that a
prescriptive five-year experience requirement is necessary. The Board
believes that corporate credit unions are in the best position to
determine the appropriate level of experience necessary for the
position. The proposed rule also would permit the risk management
expert to report directly to the ERMC.
Additionally, the Board believes that the effectiveness of risk
management practices is driven by a multitude of factors, to include
policies, processes, and qualified knowledge. Many corporate credit
unions have integrated their enterprise risk management function into
their business decision making, and at many corporate credit unions,
internal corporate staff possess the skills and experience to capably
manage the enterprise risk management program. By and large, corporate
credit unions have improved their ability to assess risk and
effectively challenge
[[Page 17292]]
evaluations of risk since the current rule was first adopted. The
proposed rule would provide the corporate credit unions flexibility to
choose an internal risk management expert instead of engaging an
outside consultant.
The Board, however, notes that even though independence is no
longer an explicit requirement, for best enterprise risk management
practices, the expert should have appropriate stature and authority to
effectively manage and lead an enterprise risk management program. The
expert must be competent to analyze risks across the institution and
have the capability to communicate those risks to the board or ERMC
despite potential influence from the operational side of the corporate
credit union. The NCUA will evaluate the adequacy of a corporate credit
union's enterprise risk management practices through the supervisory
process. Sound risk management is a cornerstone responsibility of a
credit union's leadership; therefore, CAMEL and risk ratings will
incorporate the supervisory team's assessment of this area. Weaknesses
in risk management may result in supervisory actions.
D. Natural Person Credit Union Subordinated Debt Instruments
The Board recently issued a proposed rule to permit low-income
designated credit unions, complex credit unions, and new credit unions
to issue subordinated debt instruments for purposes of regulatory
capital treatment (subordinated debt NPR).\29\ If the Board adopts the
proposed rule as final, it expects additional credit unions to begin
issuing subordinated debt instruments. Therefore, the Board believes it
is necessary to clarify whether corporate credit unions may purchase
such instruments and, if so, the treatment of the investments under
part 704.
---------------------------------------------------------------------------
\29\ Available at, https://www.ncua.gov/files/publications/regulations/proposed-rule-subordinated-debt.pdf (Feb. 7, 2020).
---------------------------------------------------------------------------
This proposed rule would create a new definition for the term
natural person credit union subordinated debt instrument. The proposed
rule would define a natural person credit union subordinated debt
instrument as any debt instrument issued by a natural person credit
union that is subordinate to all other claims against the credit union,
including the claims of creditors, shareholders, and either the
National Credit Union Share Insurance Fund (NCUSIF) or the insurer of a
privately insured credit union. The Board intends for this definition
to include all instruments issued under the subordinated debt NPR.
The Board is clarifying that corporate credit unions may purchase
subordinated debt instruments of natural person credit unions under a
corporate credit union's lending authority. This authority is derived
from their lending authority because subordinated debt instruments are
issued under a natural person credit union's borrowing authority.
Additionally, natural person credit unions are also permitted to,
subject to various restrictions and limits, purchase such subordinated
debt instruments from other natural person credit unions under their
lending authority. Treating the purchase of such subordinated debt
instruments as lending would ensure consistent treatment between
natural person credit unions and corporate credit unions. The proposed
rule would not explicitly state that a corporate credit union may
purchase a natural person credit union subordinate debt instrument
because the Board believes corporate credit unions' current lending
authority is currently sufficiently broad to include purchasing
subordinated debt instruments.
The proposed rule, however, would require that a corporate credit
union fully deduct the amount of the subordinated debt instrument from
its tier 1 capital to ensure consistent treatment between investments
in the capital of other corporate credit unions and natural person
credit unions. Corporate credit unions are currently required to deduct
from tier 1 capital any investments in perpetual contributed capital
and nonperpetual capital accounts that are maintained at other
corporate credit unions.\30\ The Board believes that investments in
natural person credit union subordinated debt instruments should be
treated similarly as such instruments may qualify as regulatory capital
for the natural person credit union. The Board is also concerned about
systemic risk if corporate credit unions own a significant amount of
natural person credit union issued subordinated debt. Finally, a
natural person credit union subordinated debt instrument would be in a
first loss position, even before the NCUSIF and any private insurance
fund or entity. Therefore, an involuntary liquidation of the issuing
credit union would potentially mean large, and likely total, losses for
the holders of those subordinated obligations. The Board believes that
fully deducting such instruments from tier 1 capital will ensure any
potential losses do not affect the capital position of the investing
corporate credit union. This measured approach strikes the right
balance between providing corporate credit unions the flexibility to
purchase natural person credit union subordinated debt instruments and
avoiding undue systemic risk to the credit union system.
---------------------------------------------------------------------------
\30\ See the definition of tier 1 capital in 12 CFR 704.2.
---------------------------------------------------------------------------
E. Approved Corporate CUSO Activities.
Part 704 does not list the permissible activities for corporate
CUSOs in the regulatory text of part 704 of the Code of Federal
Regulations, unlike part 712, which does so for NP CUSOs.\31\ Instead,
Sec. 704.11 requires that, generally, a corporate CUSO must agree that
it will limit its services to brokerage services, investment advisory
services, and other categories of services as preapproved by NCUA and
published on NCUA's website.\32\ A CUSO that desires to engage in an
activity not preapproved by NCUA can apply to NCUA for that approval.
To increase transparency and make it easier for corporate credit unions
to determine if an activity has previously been determined by the Board
to be permissible, the proposed rule would replace the permissible
activities list from the NCUA website with a new appendix to part 704.
The proposed rule would include a new Appendix D, which would reprint
the current list of permissible activities and conditions for corporate
CUSO activities. The Board is not proposing any amendments to the list
at this time. In the future, the Board would make any additions or
changes to the list by amending Appendix D through a rulemaking.
---------------------------------------------------------------------------
\31\ 12 CFR 712.5(b).
\32\ https://www.ncua.gov/regulation-supervision/corporate-credit-unions/corporate-cuso-activities/approved-corporate-cuso-activities.
---------------------------------------------------------------------------
F. Definition of Collateralized Debt Obligation.
Corporate credit unions are prohibited from purchasing certain
overly complex or leveraged investments, including collateralized debt
obligations (commonly referred to as CDOs).\33\ Under the current rule,
the term CDO means a debt security collateralized by mortgage-backed
securities, other asset-backed securities, or corporate obligations in
the form of nonmortgage loans or debt. The term does not include: (1)
Senior tranches of Re-REMICs consisting of senior mortgage- and asset-
backed securities; (2) Any
[[Page 17293]]
security that is fully guaranteed as to principal and interest by the
U.S. Government or its agencies or its sponsored enterprises; or (3)
Any security collateralized by other securities where all the
underlying securities are fully guaranteed as to principal and interest
by the U.S. Government or its agencies or its sponsored
enterprises.\34\ The proposed rule would amend the definition of CDO to
clarify that the definition includes both loans and debt securities.
The proposed rule would change the defined term to ``collateralized
loan or debt obligation,'' but would not otherwise amend the
definition. The NCUA Board is aware that there has been confusion among
industry participants concerning whether collateralized loans meet the
definition and are therefore prohibited. The Board believes amending
the name of the defined term clarifies the Board's intent.
---------------------------------------------------------------------------
\33\ The prohibition on purchasing CDOs was intended to protect
corporate credit unions from the potential for excessive investment
losses. 75 FR 64786, 64793 (Oct. 20, 2010).
\34\ 12 CFR 704.2.
---------------------------------------------------------------------------
G. Net Interest Income Modeling
Under the current rule, a corporate credit union must perform net
interest income (NII) modeling to project earnings in multiple interest
rate environments for a period of no less than two years.\35\ NII
modeling must, at minimum, be performed quarterly, including once on
the last day of the calendar quarter. The proposed rule would make a
change to the timeframe for NII. Under the proposed rule, a corporate
credit union would not be required to perform NII modeling for two
years and instead would only be required to perform modeling for one
year.
---------------------------------------------------------------------------
\35\ 12 CFR 704.8(e).
---------------------------------------------------------------------------
The Board is proposing to amend the requirements for NII given that
corporate credit unions are also subject to weighted average life (WAL)
limits, which limit asset maturities to less than two years.\36\ Under
the current rule, a corporate credit union must test its financial
assets at least quarterly, including once on the last day of the
calendar quarter, for compliance with this limitation. If the WAL of a
corporate credit union's assets exceeds two years on the testing date,
this test must be calculated at least monthly, including once on the
last day of the month, until the WAL is below two years.
---------------------------------------------------------------------------
\36\ 12 CFR 704.8(f).
---------------------------------------------------------------------------
The Board believes that NII modeling performed over a longer period
than the WAL limits for asset maturities is less useful because the
corporate credit union would also have to estimate what reinvestments
would occur over the two-year period beyond simply estimating interest
cash flows on assets. In addition, corporate credit unions already
conduct net economic value analyses which capture a long-term view of
interest rate risk. The Board believes that NII modeling over a one-
year period sufficiently captures a corporate credit union's short-term
interest rate risk.
III. Request for Comment on the Proposed Rule
The above proposed changes are consistent with the Board's ongoing
efforts to reduce regulatory burden while assuring that corporate
credit unions operate in a safe and sound manner. The Board welcomes
comment on all aspects of the proposal. The Board is particularly
interested in comments on the proposed thresholds and definitions and
is willing to consider alternatives. The Board is requesting comment
specifically on the following questions.
1. Is the proposed definition of corporate CUSO appropriate? Does
it capture the types of corporate credit union investments most likely
to pose systemic risk to the credit union system? The Board is willing
to consider amendments to the definition of corporate CUSO.
2. The proposed definition of a corporate CUSO states that if a
corporate credit owns 25 percent or more of a CUSO's contributed
equity, stock, or membership interests, then the CUSO is a corporate
CUSO. Please comment on whether 25 percent is an appropriate threshold
for control. Should the Board consider a higher or lower threshold? The
Board is willing to consider alternative thresholds for the definition
of corporate CUSO. The Board notes that for some purposes the Federal
Deposit Insurance Corporation defines control as low as 10 percent of
an institution's common stock.
3. How do corporate credit unions structure their investment in
CUSOs? Is it generally through stock? Contributed equity? Membership
interests? Are there any types of typical ownership interests excluded
from the corporate CUSO definition?
4. The proposed rule would not require NP CUSOs to disclose
compensation paid to any employees that are also employees of a
corporate credit union lending to, or investing in, the CUSO. Are
corporate credit unions able to comply with their annual compensation
disclosure without receiving the information from NP CUSOs?
5. Instead of requiring a deduction from capital due to the
investment in a subordinated debt instrument, should the Board prohibit
a corporate credit union from investing in such an instrument?
Prohibiting an investment would limit a corporate credit union's
flexibility, but would further reduce the potential for systemic risk.
Please discuss the definition of natural person credit union
subordinated debt instrument. Does it appropriately capture the
subordinated debt instruments issued by natural person credit unions
that are most likely to pose systemic risk? The Board is open to
alternative treatments for a corporate credit union's investment in
subordinated debt instruments.
6. Would a one-year window for NII modeling provide credit unions
with a more accurate window to project earnings? Should the Board
consider other timeframes to balance the accuracy of projections with
the need for corporate credit unions to understand its interest rate
risk? The Board is willing to consider alternative time periods for
NII.
VII. Regulatory Procedures
Regulatory Flexibility Act
The Regulatory Flexibility Act (RFA) generally requires that, in
connection with a notice of proposed rulemaking, an agency prepare and
make available for public comment an initial regulatory flexibility
analysis that describes the impact of a proposed rule on small entities
(defined for purposes of the RFA to include credit unions with assets
less than $100 million).\37\ A regulatory flexibility analysis is not
required, however, if the agency certifies that the rule will not have
a significant economic impact on a substantial number of small entities
and publishes its certification and a short, explanatory statement in
the Federal Register together with the rule.
---------------------------------------------------------------------------
\37\ See 80 FR 57512 (Sept. 24, 2015).
---------------------------------------------------------------------------
This proposed rule would not have a significant economic impact on
a substantial number of small entities. There are no corporate credit
unions under $100 million in assets. Therefore, the Board certifies
that the rule will not have a significant economic impact on a
substantial number of small entities.
Paperwork Reduction Act
The Paperwork Reduction Act of 1995 (PRA) applies to information
collection requirements in which an agency creates a new paperwork
burden on regulated entities or modifies an existing burden. For
purposes of the PRA, a paperwork burden may take the form of a
reporting, recordkeeping, or
[[Page 17294]]
third-party disclosure requirement, each referred to as an information
collection. The NCUA may not conduct or sponsor, and the respondent is
not required to respond to, an information collection unless it
displays a currently valid Office of Management and Budget (OMB)
control number.
The proposed rule will amend 12 CFR part 704, in part, to address
minimal investments by a corporate credit union in a CUSO without the
CUSO being classified as a corporate CUSO. The information collection
requirements associated with this provision are cleared under OMB
control number 3133-0129 and there are no other new information
collection requirements associated with this proposed rule.
Executive Order 13132
Executive Order 13132 encourages independent regulatory agencies to
consider the impact of their actions on state and local interests. In
adherence to fundamental federalism principles, the NCUA, an
independent regulatory agency as defined in 44 U.S.C. 3502(5),
voluntarily complies with the principles of the executive order. This
rulemaking will not have a substantial direct effect on the states, on
the connection between the national government and the states, or on
the distribution of power and responsibilities among the various levels
of government. The NCUA has determined that this proposal does not
constitute a policy that has federalism implications for purposes of
the executive order.
Assessment of Federal Regulations and Policies on Families
The NCUA has determined that this proposed rule will not affect
family well-being within the meaning of section 654 of the Treasury and
General Government Appropriations Act, 1999, Public Law 105-277, 112
Stat. 2681 (1998).
List of Subjects in 12 CFR Part 704
Credit unions, Corporate credit unions, Reporting and recordkeeping
requirements.
By the National Credit Union Administration Board on February
20, 2020.
Gerard Poliquin,
Secretary of the Board.
For the reasons discussed above, the Board proposes to amend 12 CFR
part 704, as follows:
PART 704--CORPORATE CREDIT UNIONS
0
1. The authority citation for part 704 continues to read as follows:
Authority: 12 U.S.C. 1766(a), 1781, and 1789.
0
2. In Sec. 704.2:
0
a. Revise the definition of Collateralized Debt Obligation,
Consolidated Credit Union Service Organization and Tier 1 Capital; and
0
b. Add definitions for Corporate CUSO, Credit Union Service
Organization (CUSO), and Natural Person Credit Union Subordinated Debt
Instrument, in alphabetical order, to read as follows:
Sec. 704.2 Definitions.
* * * * *
Collateralized Debt and Loan Obligation (CDLO) means a debt
security collateralized by mortgage-backed securities, other asset-
backed securities, or corporate obligations in the form of nonmortgage
loans or debt. For purposes of Part 704, the term CDLO does not
include:
(1) Senior tranches of Re-REMIC's consisting of senior mortgage-and
asset-backed securities;
(2) Any security that is fully guaranteed as to principal and
interest by the U.S. Government or its agencies or its sponsored
enterprises; or
(3) Any security collateralized by other securities where all the
underlying securities are fully guaranteed as to principal and interest
by the U.S. Government or its agencies or its sponsored enterprises.
* * * * *
Consolidated Credit Union Service Organization (Consolidated CUSO)
means any CUSO the assets of which are consolidated with those of the
corporate credit union for purposes of reporting under Generally
Accepted Accounting Principles (GAAP). Generally, consolidated CUSOs
are majority-owned CUSOs.
* * * * *
Corporate CUSO means a CUSO, as defined in part 712, that:
(1) Is a consolidated CUSO;
(2) A corporate credit union has the power, directly or indirectly,
to direct the CUSO's management or policies;
(3) A corporate credit union owns 25 percent or more of the CUSO's
contributed equity, stock, or membership interests; or
(4) The aggregate corporate credit union ownership meets or exceeds
50 percent of the CUSO's contributed equity, stock, or membership
interests.
Credit union service organization (CUSO) means both a CUSO under
part 712 and a corporate CUSO under part 704.
* * * * *
Natural Person Credit Union Subordinated Debt Instrument is any
debt instrument issued by a natural person credit union that is
subordinate to all other claims against the credit union, including the
claims of creditors, shareholders, and either the National Credit Union
Share Insurance Fund or the insurer of a privately insured credit
union.
* * * * *
Tier 1 capital means the sum of items in paragraphs (1) and (2) of
this definition from which items in paragraphs (3) through (7) are
deducted:
(1) Retained earnings;
(2) Perpetual contributed capital;
(3) Deduct the amount of the corporate credit union's intangible
assets that exceed one half percent of its moving daily average net
assets (however, the NCUA may direct the corporate credit union to add
back some of these assets on the NCUA's own initiative, or the NCUA's
approval of petition from the applicable state regulator or application
from the corporate credit union);
(4) Deduct investments, both equity and debt, in unconsolidated
CUSOs;
(5) Deduct an amount equal to any PCC or NCA that the corporate
credit union maintains at another corporate credit union;
(6) Deduct any amount of PCC received from federally insured credit
unions that causes PCC minus retained earnings, all divided by moving
daily average net assets, to exceed two percent when a corporate credit
union's retained earnings ratio is less than two and a half percent;
and
(7) Deduct any natural person credit union subordinated debt
instrument held by the corporate credit union.
* * * * *
0
3. Revise Sec. 704.5(c)(3) to read as follows:
Sec. 704.5 Investments.
* * * * *
(c) * * *
(1) * * *
(2) * * *
(3) CUSOs, subject to the limitations of Sec. 704.11;
* * * * *
0
4. In Sec. 704.6(c)(2)(vi), remove the word ``corporate'' before the
word ``CUSO.''
0
5. In Sec. 704.7, remove the word ``corporate'' before the word
``CUSO'' each place the word appears.
0
6. In Sec. 704.8(e) replace the phrase ``no less than 2 years'' with
``no less than 1 year.''
0
7. Revise Sec. 704.11 to read as follows:
Sec. 704.11 Credit Union Service Organizations (CUSOs).
(a) Investment and loan limitations. (1) The aggregate of all
investments in
[[Page 17295]]
member and non-member CUSOs that a corporate credit union may make must
not exceed 15 percent of a corporate credit union's total capital.
(2) The aggregate of all investments in and loans to member and
nonmember CUSOs a corporate credit union may make must not exceed 30
percent of a corporate credit union's total capital. A corporate credit
union may lend to member and nonmember CUSOs an additional 15 percent
of total capital if the loan is collateralized by assets in which the
corporate has a perfected security interest under state law.
(3) If the limitations in paragraphs (a)(1) and (a)(2) of this
section are reached or exceeded because of the profitability of the
CUSO and the related GAAP valuation of the investment under the equity
method without an additional cash outlay by the corporate, divestiture
is not required. A corporate credit union may continue to invest up to
the regulatory limit without regard to the increase in the GAAP
valuation resulting from the CUSO's profitability.
(b) Due diligence. A corporate credit union must comply with the
commercial loan policy and due diligence requirements of Sec. 723.4 of
this chapter for all loans to CUSOs.
(c) Requirements for CUSOs that are not corporate CUSOs. Corporate
credit union investments in and lending to CUSOs that are not corporate
CUSOs are subject to part 712 of this chapter, except that investment
and loan limitations and due diligence requirements are governed by
this section.
(d) Requirements for Corporate CUSOs. Corporate credit union
authority to invest in or loan to a corporate CUSO is limited to that
provided in this section.
(1) Structure. A corporate CUSO must be structured as a
corporation, limited liability company, or limited partnership under
state law.
(2) Separate entity. (i) A corporate CUSO must be operated as an
entity separate from a corporate credit union.
(ii) A corporate credit union investing in or lending to a
corporate CUSO must obtain a written legal opinion that concludes the
corporate CUSO is organized and operated in a manner that the corporate
credit union will not reasonably be held liable for the obligations of
the corporate CUSO. This opinion must address factors that have led
courts to ``pierce the corporate veil,'' such as inadequate
capitalization, lack of corporate identity, common boards of directors
and employees, control of one entity over another, and lack of separate
books and records.
(3) Permissible activities. (i) A corporate CUSO must agree to
limit its activities to:
(1) Brokerage services,
(2) Investment advisory services, and
(3) Other categories of activities as approved in writing by NCUA
and as reflected in Appendix D.
(ii) Once the NCUA has approved an activity and published that
activity on its website, the NCUA will not remove that particular
activity from the approved list, or make substantial changes to the
content or description of that approved activity, except through the
formal rulemaking process.
(4) Compensation Restrictions. An official of a corporate credit
union which has invested in or loaned to a corporate CUSO may not
receive, either directly or indirectly, any salary, commission,
investment income, or other income, compensation, or consideration from
the corporate CUSO. This prohibition also extends to immediate family
members of officials.
(5) Written Agreement between the Corporate Credit Union and
Corporate CUSO. Prior to making an investment in or loan to a corporate
CUSO, a corporate credit union must obtain a written agreement that the
corporate CUSO:
(i) Will follow GAAP;
(ii) Will provide financial statements to the corporate credit
union at least quarterly;
(iii) Will obtain an annual CPA opinion audit and provide a copy to
the corporate credit union. A consolidated CUSO is not required to
obtain a separate annual audit if it is included in the corporate
credit union's annual audit;
(iv) Will provide the reports as required by Sec. 712.3(d)(4) and
(5) of this chapter;
(v) Will not acquire control, directly or indirectly, of another
depository financial institution or to invest in shares, stocks, or
obligations of an insurance company, trade association, liquidity
facility, or similar organization;
(vi) Will allow the auditor, board of directors, and NCUA complete
access to the CUSO's personnel, facilities, equipment, books, records,
and any other documentation that the auditor, directors, or NCUA deem
pertinent;
(vii) Will inform the corporate, at least quarterly, of all the
compensation paid by the CUSO to its employees who are also employees
of the corporate credit union; and
(viii) Will comply with all the requirements of this section.
(e) Subsidiary Restrictions. Any subsidiary of a corporate CUSO is
automatically designated a corporate CUSO and subject to all the
requirements of this section. The requirements of this section apply to
all tiers or levels of a corporate CUSO's structure.
0
8. Revise Sec. 704.14(a)(2) to read as follows:
Sec. 704.14 Representation.
* * * * *
(a) * * *
(1) * * *
(2) Only an individual who currently holds a senior staff position
(e.g., position of chief executive officer, chief financial officer,
chief operating officer, chief information officer, chief risk officer,
treasurer/manager, etc.) at a member credit union, and will hold that
position at the time he or she is seated on the corporate credit union
board if elected, may seek election or re-election to the corporate
credit union board;
* * * * *
0
9. In Sec. 704.19, remove the word ``corporate'' before the word
``CUSO''.
0
10. In Sec. 704.21, revise paragraph (c) and remove paragraphs (d) and
(e) to read as follows:
Sec. 704.21 Enterprise risk management.
* * * * *
(a) * * *
(b) * * *
(c) The ERMC must include at least one risk management expert who
can report directly to the board of directors. The risk management
expert's experience must be commensurate with the size of the corporate
credit union and the complexity of its operations.
0
11. Add Appendix D to read as follows:
Appendix D: Approved Corporate CUSO Activities.
Category--Clerical, Professional, & Management
A corporate CUSO may engage in the following clerical,
professional, and management activities:
1. Business Consulting Services: Offering consulting services in
support of business development, strategic planning, industry analysis,
and operational efficiency.
2. Human Resources Services: Services addressing human capital
needs, reporting, and management considerations to include development
of policies, procedures, and employee manuals.
3. Insurance Brokerage or Agency Referrals: Making third party
insurance services or products available. This may include endorsing a
product or service, negotiating group discounts and making referrals.
[[Page 17296]]
4. Marketing and Research Services: Systematically gathering,
recording, and analyzing data about issues relating to marketing credit
union products and services to identify and assess how changing
elements of the marketing mix affect member behavior. Producing reports
of research, making recommendations for marketing strategies, and other
similar market and research services.
5. Payroll Services: Management of payroll processing, reporting,
and tax filing;
6. Training Services: Furnishing pre-packaged training products,
developing new or customizing existing training products/modules, and
facilitating education and training of credit union staff.
7. Audit & Compliance Consulting Services: Performing, as requested
and agreed upon in predetermined scope arrangement, audits (internal,
operational, financial, or compliance). Providing education and
consultation services for developing statutory and regulatory
compliance programs related to the Bank Secrecy Act, Anti Money
Laundering provision, Office of Foreign Asset Control, and U.S. Patriot
Act.
8. Product Development Services: Research and development of
products and services specific to the needs of credit unions and their
members/consumers.
A corporate credit union may engage in the following currency
services:
1. Coin and Currency Services: Providing replenishment or deposit
of excess coin and cash. This may include vault cash orders, ATM
replenishments, and other similar services. Coin and currency services
may be offered through agreement with another financial institution,
direct with the Federal Reserve, through an armored car service
agreement, or other similar arrangement.
2. A corporate credit union may only engage in coin and currency
services if it meets the following conditions:
a. Maintain bond/liability insurance as appropriate.
b. Annually provide OCCU copy of bond/liability insurance.
A corporate credit union may engage in the following data
processing services:
1. Electronic Document Management: Providing document and record
management systems which may allow for document archival, reporting,
secure remote access, and similar services.
2. Core processing: Offering a back-end system in a service bureau
environment used to process and record daily transactions, and post
updates to accounts and other financial records. This typically
includes deposit, loan and credit-processing capabilities, with
interfaces to general ledger systems and reporting tools, and may allow
for or integrate with front-end member access platforms, subject to the
following conditions:
a. Maintain business recovery plan ensuring uninterrupted
operations.
b. Maintain bond/liability insurance appropriate for activity.
c. Adhere to AICPA audit standards for reporting on controls at a
service organization.
d. Annually provide OCCU copy of bond/liability insurance, business
contingency plans & test results.
A corporate credit union may engage in the following lending and
deposit services:
1. Business Banking--Consulting and Turnkey Services: Provide
either in-house, or through turnkey operation, suite of financial
products. Products may include loan products, risk monitoring, and
consulting services for business loan, deposit, payment and cash
management products, provided that the corporate CUSO comply with the
Member Business Loan Regulation--Part 723 of the NCUA Rules and
Regulations.
2. Business loan origination: Provide business loan consulting and
origination services. Examples of business loan origination include
commercial real estate, term loans, lines of credit, construction,
agriculture, SBA loans, and loan participation servicing and brokering,
provided that the corporate CUSO comply with the Member Business Loan
Regulation--Part 723 of the NCUA Rules and Regulations.
3. Business Loan Support Services: Provide business loan processing
and sales to include pre- and post closing underwriting, risk
monitoring reports, document preparation, and servicing. Loan support
services may also include debt collection services and sale of
repossessed collateral.
A corporate credit union may engage in the following payments and
electronic transaction services:
1. Automated Clearing House (ACH): Providing services for the
receipt, processing, distribution, and settlement of electronic credits
and debits among financial institutions for final posting to business
entities, credit unions and members/consumers. Activities include
receipt of ACH files; file distribution; receipt and processing of
returned items and notification of change files; offering and/or
processing ACH origination files; assisting with ACH exceptions and
transaction disputes; providing settlement of ACH files; and other
similar ACH services, subject to the following conditions:
a. Restrict CUSO ownership to one corporate unless approved by
NCUA.
b. Comply with NACHA rules.
c. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
d. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
e. Maintain bond/liability insurance as appropriate.
f. Adhere to AICPA audit standards for reporting on controls at a
service organization.
g. Annually provide OCCU copy of bond/liability insurance, report
on controls at a service organization, business continuity plans and
test results.
h. Utilize distributed settlement model if providing services to
other corporate credit unions.
2. Wire Transfer Services (Domestic and International):
Electronically transferring funds through the Federal Reserve Bank,
other financial institution, or other similar third-party funds
transfer agent (i.e., Western Union, etc.) directly to a domestic or
foreign financial institution or receiving transfer agent with final
credit to business entities, credit unions, and member/consumers,
subject to the following conditions:
a. Restrict CUSO ownership to one corporate unless approved by
NCUA.
b. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
c. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
d. Comply with NCUA and FFIEC Guidance for Authentication in an
Internet Banking Environment as applicable.
e. Prefund transactions prior to processing.
f. Maintain bond/liability insurance as appropriate.
g. Adhere to AICPA audit standards for reporting on controls at a
service organization.
h. Annually provide OCCU copy of bond/liability insurance, report
on controls at a service organization, business continuity plans and
test results.
3. Forward Check Collection/Remote Deposit Capture Services:
Offering a suite of image, electronic, and paper forward check
processing, collection, clearing, settlement, adjustment, and reporting
services. Deposit processing may occur as either ``traditional'' paper
processing, electronic truncation, or image capture, processing, and
[[Page 17297]]
transmission of check images from remote or centralized locations.
Remote deposit capture services may include branch, teller, merchant,
ATM, and consumer capture, and other similar forward check collection
services. Activities may include resale of equipment through negotiated
agreement, bundled services, and support agreements, subject to the
following conditions:
a. Restrict CUSO ownership to one corporate unless approved by
NCUA.
b. Comply with Federal Reserve Operating circulars and/or image
clearing house operating agreements.
c. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
d. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
e. Comply with NCUA and FFIEC Guidance for Authentication in an
Internet Banking Environment as applicable.
f. Maintain bond/liability insurance as appropriate.
g. Adhere to AICPA audit standards for reporting on controls at a
service organization.
h. Annually provide OCCU copy of bond/liability insurance, report
on controls at a service organization, business continuity plans and
test results.
i. Utilize distributed settlement model if providing services to
other corporate credit unions.
4. Share Draft (Check) Processing: Offering inclearing services for
the receipt and processing of share drafts (checks) either as
electronic images or physical checks received from the Federal Reserve
Bank, image exchange networks, or through direct presentment
arrangements with other financial institutions. Services include
receipt and processing of inclearing checks for file distribution,
processing of return files, adjustments, dispute resolution assistance,
financial settlement of files, and other similar services, subject to
the following conditions:
a. Restrict CUSO ownership to one corporate unless approved by
NCUA.
b. Comply with Federal Reserve Operating circulars and/or image
clearing house operating agreements.
c. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
d. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
e. Comply with NCUA and FFIEC Guidance for Authentication in an
Internet Banking Environment as applicable.
f. Maintain bond/liability insurance as appropriate.
g. Adhere to AICPA audit standards for reporting on controls at a
service organization.
h. Annually provide OCCU copy of bond/liability insurance, report
on controls at a service organization, business continuity plans and
test results.
i. Utilize distributed settlement model if providing services to
other corporate credit unions.
5. Share Draft, Check Imaging, and Archival Services: Providing
services for capturing and storing images of physical share drafts or
checks for the purpose of facilitating forward check collection,
maintaining electronic archives, and facilitating electronic access to
check images for consumers' statements, integration with internet
banking websites, and other similar purposes. Service may also include
creating copies of archival history to facilitate ``in-house'' storage
or transfers to new third-party service providers, subject to the
following conditions:
a. Restrict CUSO ownership to one corporate unless approved by
NCUA.
b. Comply with Federal Reserve Operating circulars and/or image
clearing house operating agreements.
c. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
d. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
e. Comply with NCUA and FFIEC Guidance for Authentication in an
internet Banking Environment as applicable.
f. Maintain bond/liability insurance as appropriate.
g. Adhere to AICPA audit standards for reporting on controls at a
service organization.
h. Annually provide OCCU copy of bond/liability insurance, report
on controls at a service organization, business continuity plans and
test results.
6. Share Draft Fraud and Risk Management Services: Offering
complementary services for share draft processing designed to identify
and prevent checking account fraud and losses during the share draft
clearing process, subject to the following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
b. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
c. Maintain bond/liability insurance as appropriate.
d. Adhere to AICPA audit standards for reporting on controls at a
service organization.
e. Annually provide OCCU copy of bond/liability insurance, report
on controls at a service organization, business continuity plans and
test results.
7. Official Check Services: Offering business share drafts
(checks), official checks, and money order programs to include
processing, clearing, and settlement of items, maintaining list of
issued drafts, and providing daily reports for reconciliation, subject
to the following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
b. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
c. Maintain bond/liability insurance as appropriate.
d. Adhere to AICPA audit standards for reporting on controls at a
service organization.
e. Annually provide OCCU copy of bond/liability insurance, report
on controls at a service organization, business continuity plans and
test results.
8. Lockbox & Remittance Services: Providing wholesale or small
batch retail remittance processing services. Service includes receiving
and processing payments, providing reports or files of activity,
depositing of funds, and forward collection of items, subject to the
following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
b. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
c. Maintain bond/liability insurance as appropriate.
d. Adhere to AICPA audit standards for reporting on controls at a
service organization.
e. Annually provide OCCU copy of bond/liability insurance, report
on controls at a service organization, business continuity plans and
test results.
9. Online & Mobile Banking: Offering internet-based technological
services which may provide real-time, 24/7 access to consumers'
financial information. This includes the ability to manage a variety of
transactional and non-transactional activities within and between
accounts which may include electronic transfers, payments, on-line loan
applications, and other similar banking activities. Access to accounts
may be through internet web applications and/or portable electronic
[[Page 17298]]
devices, subject to the following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
b. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
c. Comply with NCUA and FFIEC Guidance for Authentication in an
internet Banking Environment as applicable.
d. Maintain bond/liability insurance as appropriate.
e. Adhere to AICPA audit standards for reporting on controls at a
service organization.
f. Annually provide OCCU copy of bond/liability insurance, report
on controls at a service organization, business continuity plans and
test results.
10. Bill Pay and Electronic Bill Presentment and Payment (EBPP)
Services: Offering services to allow consumers to send money to a
creditor or vendor to be credited against a specific account. Bill
payments may be executed electronically, via paper check or banker's
draft, or other similar electronic payment means. Services may also
include electronically presenting bills and/or billing statements,
subject to the following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
b. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
c. Comply with NCUA and FFIEC Guidance for Authentication in an
internet Banking Environment as applicable.
d. Maintain bond/liability insurance as appropriate.
e. Adhere to AICPA audit standards for reporting on controls at a
service organization.
f. Annually provide OCCU copy of bond/liability insurance, report
on controls at a service organization, business continuity plans and
test results.
11. Electronic Statements/Paper Statements: Providing electronic
and paper delivery of periodic account statements, subject to the
following conditions:
a. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
b. Comply with NCUA and FFIEC Guidance for Authentication in an
internet Banking Environment as applicable.
c. Maintain bond/liability insurance as appropriate.
d. Annually provide OCCU copy of bond/liability insurance, business
continuity plans and test results.
12. Credit Card, Debit Card, and Gift or Prepaid Card Program
Services: Offering debit, credit, and gift or prepaid card programs and
processing to include: access to card networks and gateways,
authorization and settlement of signature debit transactions, including
settlement of related funds; fraud monitoring, risk management, and
case support services to include neural networks and charge-back
processing services; back office card support and management,
reconciliation of daily settlement and adjustment processing; card
maintenance, issuance, and transaction reports; card program project
management and implementation; and other similar services. Gift or
prepaid cards may be reloadable or non-reloadable, subject to the
following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
b. Maintain bond/liability insurance as appropriate.
c. Maintain and certify compliance with current PCI/DSS (Payment
Card Industry/Data Security Standards).
d. Maintain neural network or other industry standard fraud
detection system.
e. Comply with network processing agreements and standards.
f. Adhere to AICPA audit standards for reporting on controls at a
service organization.
g. Annually provide OCCU copy of bond/liability insurance, business
continuity plans and test results, report on controls at a service
organization, and PCI/DSS compliance certification.
13. Automated Teller Machine (ATM), Electronic Funds Transfer
(EFT), and Point of Sale (POS) Services and Networks: Offering programs
that allow access to a network of EFT terminals and ATMs to initiate
PIN-based debit or ATM card transactions. ATM services include
utilizing a shared ATM network, setting up a private ATM network,
monitoring of ATM connectivity and availability, including the
management of telecom circuits and modems, assisting with the
implementation of new ATMs, ensuring data security and integrity,
providing network access, authorization of PIN transactions completed
at ATMs, including settlement of related funds. Other services include
fraud monitoring of PIN transactions, adjustment and dispute resolution
processing to include card blocking, chargeback processing, related
research and other similar services, subject to the following
conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
b. Maintain bond/liability insurance as appropriate.
c. Maintain and certify compliance with current PCI/DSS.
d. Maintain neural network or other industry standard fraud
detection system.
e. Comply with network processing agreements and standards.
f. Adhere to AICPA audit standards for reporting on controls at a
service organization.
g. Annually provide OCCU copy of bond/liability insurance, business
continuity plans and test results, report on controls at a service
organization, and PCI/DSS compliance certification.
14. Shared Branching Services: Providing for the sharing of
infrastructure to establish a private, secure, cooperative processing
network that accepts transactions from members of participating credit
unions. Shared branching functionality includes conducting deposits,
account balance inquiries, and check cashing, and requesting funds
transfers, official checks, or other similar services, subject to the
following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring
uninterrupted operations.
b. Comply with the Security Program Requirements--Part 748 to
safeguard consumer information.
c. Comply with NCUA and FFIEC Guidance for Authentication in an
internet Banking Environment as applicable.
d. Maintain and certify compliance with current PCI/DSS network
standards or other similar shared network security standard, if
applicable.
e. Maintain bond/liability insurance as appropriate.
f. Adhere to AICPA audit standards for reporting on controls at a
service organization.
g. Annually provide OCCU copy of bond/liability insurance, business
continuity plans and test results, report on controls at a service
organization, and PCI/DSS compliance certification, if applicable.
A corporate credit union may engage in the following information
technology services:
1. Web Development, Hosting, & Content Management: Developing and
designing non-transaction public websites, private or internal
websites, and web applications. Website hosting to include maintaining
the servers and html code for public and private
[[Page 17299]]
websites, intranets, and Web applications used on customer websites.
Offering web content management (WCM) systems to simplify the
publication of web content and updates to websites and mobile devices,
subject to the following conditions:
a. Maintain business recovery plan ensuring uninterrupted
operations.
b. Maintain bond/liability insurance appropriate for activity.
c. Adhere to AICPA audit standards for reporting on controls at a
service organization.
d. Annually provide OCCU copy of bond/liability insurance, business
contingency plans & test results.
2. Web Authentication & Security Monitoring: Web security and
monitoring services such as authentication and encryption of passwords
and other similar techniques for secure member login to intranets,
extranets, and private websites; host based intrusion protection and
detection; log monitoring; hacker-safe monitoring programs; and
configuration and daily administration web security and other similar
monitoring services, subject to the following conditions:
a. Comply with the Security Program Requirements--Part 748 of the
NCUA Rules and Regulations.
b. Comply with NCUA and FFIEC Guidance for Authentication in an
internet Banking Environment as applicable.
c. Maintain bond/liability insurance appropriate for activity.
d. Adhere to AICPA audit standards for reporting on controls at a
service organization.
e. Annually provide OCCU copy of bond/liability insurance, business
contingency plans & test results.
3. Software Systems Development/Application Programming Interface
(API) Development: Designing, coding, testing and updating custom
software system data programs and other code (e.g., scripts).
Application Programming Interface (API) development includes
developing, testing, and updating custom applications which interface
with other existing systems and applications such as core processing
systems, subject to the following conditions:
a. Comply with the Security Program Requirements--Part 748 of the
NCUA Rules and Regulations.
b. Conduct independent code review for custom software systems and
applications.
c. Adhere to audit standards for third-party service providers.
d. Maintain source code for custom developed software systems in
escrow or in similar arrangement.
4. Secure Collaboration Services: Programs, systems, or sites for
establishing secure communication channels for private document storage
and distribution, and dissemination of confidential or sensitive
information for the purpose of collaboration between authorized
parties, provided that the corporate CUSO complies with the Security
Program Requirements--Part 748 of the NCUA Rules and Regulations.
5. Information Technology (IT) Consulting and Management Services:
Consulting and management services for IT infrastructure design and
architecture, system security, administration, support, resource
management and monitoring. Services include offering Software as a
Service (SaaS), Infrastructure as a Service (IaaS), Platform as a
Service (PaaS), and planning and management, and the provisioning of
hardware and software for business continuity planning to include
online data backup and recovery services, subject to the following
conditions:
a. Comply with the Security Program Requirements--Part 748 and
Records Preservation Program and Records Retention Appendix--Part 749
of the NCUA Rules and Regulations.
b. Maintain bond/liability insurance appropriate for activity.
c. Annually provide OCCU copy of bond/liability insurance, vendor
due diligence reports, security program, business contingency plans &
test results.
A corporate credit union may engage in the following investment/ALM
services:
1. Asset Liability Management (ALM) Consulting, Advisory, and
Reporting Services: Consulting, advisory, and reporting services for
balance sheet and interest rate risk management. This includes ALM
interest rate risk modeling, measurement, and reporting; ALM model
validation services; consulting services for ALM policy development,
core deposit studies, lending pool analysis and valuations, and other
similar services.
[FR Doc. 2020-03837 Filed 3-26-20; 8:45 am]
BILLING CODE 7535-01-P
