AGENCY:
National Credit Union Administration (NCUA).
ACTION:
Proposed rule.
SUMMARY:
The NCUA Board (Board) is seeking comment on a proposed rule that would amend the NCUA's corporate credit union regulation. The proposed rule would update, clarify, and simplify several provisions of the NCUA's corporate credit union regulation, including: Permitting a corporate credit union to make a minimal investment in a credit union service organization (CUSO) without the CUSO being classified as a corporate CUSO under the NCUA's rules; expanding the categories of senior staff positions at member credit unions eligible to serve on a corporate credit union's board; amending the minimum experience and independence requirement for a corporate credit union's enterprise risk management expert; and requiring a corporate credit union to deduct certain investments in subordinated debt instruments issued by natural person credit unions.
DATES:
Comments must be received by May 26, 2020.
ADDRESSES:
You may submit written comments, identified by RIN 3133-AF13, by any of the following methods (Please send comments by one method only):
- Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
- Fax: (703) 518-6319. Include “[Your Name]—Comments on Proposed Rule: Corporate Credit Unions” in the transmittal.
- Mail: Address to Gerard Poliquin, Secretary of the Board, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.
- Hand Delivery/Courier: Same as mail address.
Public Inspection: You may view all public comments on the Federal eRulemaking Portal at http://www.regulations.gov as submitted, except for those we cannot post for technical reasons. The NCUA will not edit or remove any identifying or contact information from the public comments submitted. You may inspect paper copies of comments in the NCUA's law library at 1775 Duke Street, Alexandria, Virginia 22314, by appointment weekdays between 9:00 a.m. and 3:00 p.m. To make an appointment, call (703) 518-6546, or send an email to OGCMail@ncua.gov.
FOR FURTHER INFORMATION CONTACT:
Policy and Analysis: Robert Dean, National Supervision Analyst, Office of National Examinations and Supervision, (703) 518-6652; Legal: Rachel Ackmann, Senior Staff Attorney, Office of General Counsel, (703) 548-2601; or by mail at National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314.
SUPPLEMENTARY INFORMATION:
I. Introduction
a. Legal Authority and Background
The Board is issuing this rule pursuant to its authority under the Federal Credit Union Act (FCU Act).[1] Under the FCU Act, the NCUA is the chartering and supervisory authority for Federal credit unions (FCUs) and the federal supervisory authority for federally insured credit unions (FICUs). The FCU Act grants the NCUA a broad mandate to issue regulations governing both FCUs and FICUs. Section 120 of the FCU Act is a general grant of regulatory authority and authorizes the Board to prescribe regulations for the administration of the FCU Act.[2] Section 209 of the FCU Act is a plenary grant of regulatory authority to the NCUA to issue regulations necessary or appropriate to carry out its role as share insurer for all FICUs.[3] The FCU Act also includes an express grant of authority for the Board to subject federally chartered central, or corporate, credit unions to such rules, regulations, and orders as the Board deems appropriate.[4]
Part 704 of the NCUA's regulations implements the requirements of the FCU Act regarding corporate credit unions.[5] In 2010, the Board comprehensively revised the regulations governing corporate credit unions to provide longer-term structural enhancements to the corporate system in response to the financial crisis of 2007-2009.[6] The provisions of the 2010 rule successfully stabilized the corporate system and improved corporate credit unions' ability to function and provide services to natural person credit unions. Since 2010, and as part of the Board's continuous reevaluation of its regulation of corporate credit unions, the Board has amended part 704 on several occasions.[7] Part 704 was last amended in 2017, when the Board amended corporate credit union capital standards to change the calculation of capital after a consolidation and to set a retained earnings ratio target in meeting prompt corrective action (commonly referred to as PCA) standards.[8]
b. Regulatory Review
The NCUA reviews all of its existing regulations every three years. The NCUA's Office of General Counsel maintains a rolling review schedule that identifies one-third of its existing regulations for review each year and provides notice to the public of those regulations under review so the public may have an opportunity to comment. Part 704 was part of the Office of General Counsel's 2019 annual regulatory review.[9] The Board received several comments on updating part 704 as part of the 2019 annual regulatory review.
II. Proposed Rule
The Board proposes to update, clarify, and simplify several provisions of part 704. Specifically, the proposed rule would: (1) Permit a corporate credit union to make a minimal investment in a CUSO without the CUSO being classified as a corporate CUSO and subject to heightened NCUA oversight; (2) expand the categories of senior staff positions at member credit unions eligible to serve on a corporate credit union's board; (3) remove the experience and independence requirement for a corporate credit union's enterprise risk management expert; (4) clarify the treatment of an investment in a subordinated debt instrument of a natural person credit union; (5) codify the current list of permissible activities for a corporate CUSO; (6) clarify the definition of a collateralized debt obligation; and (7) simplify the requirement for net interest income modeling. Each proposed change is discussed in detail below.
A. Minimal Investment in Natural Person CUSOs
Part 704 includes specific regulations for a corporate credit union's investment and lending activity and permits a corporate credit union to invest in and lend to a corporate CUSO. A corporate CUSO is defined as an entity that is at least partly owned by a corporate credit union; primarily serves credit unions; restricts its services to those related to the normal course of business of credit unions; [10] and is structured as a corporation, limited liability company, or limited partnership under state law.[11]
Similar to natural person credit union service organizations (NP CUSOs), the Board cannot regulate corporate CUSOs directly, but it can, for safety and soundness reasons, regulate the types of investments that corporate credit unions make and whether a corporate credit union may invest in a CUSO. Part 704 includes several prudential requirements to ensure corporate credit union investment in and lending to corporate CUSOs is safe and sound. For example, part 704 regulates aggregate corporate credit union investment in and lending to corporate CUSOs. Part 704 also includes customer base requirements, permissible activities, accounting and audit standards, and requires NCUA access to corporate CUSO facilities, books, and records. In general, many of the prudential standards for corporate CUSOs are more restrictive than the standards for NP CUSOs.[12] The Board has historically imposed more restrictive standards for corporate CUSOs as they may serve hundreds or even thousands of natural person credit unions and pose unique systemic risk.[13] Additionally, core functions of corporate credit unions that pose systemic risk could be moved to corporate CUSOs. The Board has expressed concern that the movement of these core functions to entities that are not directly regulated by the NCUA could increase the systemic risk associated with corporate CUSOs, and the Board wants to ensure it has a degree of oversight and control of these activities.[14]
As stated above, a corporate CUSO is defined as an entity that is at least partly owned by a corporate credit union; primarily serves credit unions; restricts its services to those related to the normal course of business of credit unions; and is structured as a corporation, limited liability company, or limited partnership under state law.[15] The definition is broad and includes no exception for de minimus, non-controlling equity investments. Accordingly, any corporate credit union equity interest in a CUSO, regardless of how small a share of the CUSO the corporate credit union owns, is sufficient to designate the CUSO as a corporate CUSO and subject it to additional requirements under part 704.
The proposed rule would amend the definition of corporate CUSO so that a corporate credit union could make a de minimus, non-controlling investment in a NP CUSO without the CUSO being deemed a corporate CUSO. The Board has reconsidered its position that any corporate credit union investment in a CUSO must be subject to enhanced standards under part 704. The Board believes that a corporate credit union's non-controlling investment would not pose the same systemic risks to the credit union system as a controlling investment. It is unlikely that a corporate credit union would move its essential functions into a non-controlled CUSO.
The Board has also considered the benefits of permitting corporate credit unions to make de minimus, non-controlling investments in NP CUSOs. Compared to corporate CUSOs, NP CUSOs are permitted to engage in a broader range of permissible activities and services. Consequently, NP CUSOs are often a source of collaboration and innovation among FICUs that may result in the origination of new products and services. To compete effectively in today's technology-based financial service market, FICUs may need to rely increasingly on pooling their resources to fund CUSOs and to build the necessary infrastructure. The costs for research and development, acquisition, implementation, and specialized staff capable of managing these new technologies may be prohibitive for all but a very few of the largest FICUs. CUSOs may provide the means for FICUs to collectively address these challenges and may enable FICUs to collaboratively develop technologies that better serve their members.
Without the opportunity to invest in NP CUSOs, a corporate credit union may be restricted in its ability to participate in this process. The Board believes that by expanding corporate credit union investment authorities, while still maintaining necessary safeguards, corporate credit unions will be in a better position to participate in the development of new products and services. NP CUSOs would also benefit from a larger pool of potential investors, which may enable further research and development during this period of rapid technological growth.
In addition to amending the definition of corporate CUSO to permit de minimus, non-controlling investments in NP CUSOs, the proposed rule would also make several conforming amendments to part 704. The specific details of the proposed amendments are discussed below.
§ 704.2 Definitions
Consolidated credit union service organization. Generally, consolidated CUSOs are those majority-owned by a corporate credit union. The proposed rule would amend the definition of consolidated CUSO to use the newly defined term “CUSO” for clarity. Under the proposed rule, a consolidated CUSO would mean any CUSO the assets of which are consolidated with those of the corporate credit union for purposes of reporting under Generally Accepted Accounting Principles (GAAP).
Corporate CUSO. As discussed above, the proposed rule would amend the definition of a corporate CUSO. Under the proposed rule, a CUSO would be designated as a corporate CUSO only if one or more corporate credit unions have a controlling interest. A corporate credit union would be considered to have a controlling interest if: (1) The CUSO is consolidated on a corporate credit union's balance sheet; (2) a corporate credit union has the power, directly or indirectly, to direct the CUSO's management or policies; or (3) a corporate credit union owns 25 percent or more of the CUSO's contributed equity, stock, or membership interests.[16] A CUSO would also be designated as a corporate CUSO if the aggregate corporate credit union ownership of all corporates investing in the CUSO meets or exceeds 50 percent of the CUSO's contributed equity, stock, or membership interests. The Board is concerned that if several corporate credit unions have a majority ownership interest in a CUSO, the CUSO could present the same risk to the credit union system as a CUSO that is controlled by one corporate credit union. If any of these four conditions are met, then the CUSO would meet the definition of a corporate CUSO and be subject to additional requirements under part 704. The definition of corporate CUSO would also be moved to § 704.2 for consistency with the location of other definitions in part 704.
Credit Union Service Organization (CUSO). The proposed rule would define the term CUSO for purposes of part 704. Under the proposed rule, a CUSO would mean both a NP CUSO under part 712 and a corporate CUSO under part 704.11. The proposed definition makes it clear that the term CUSO applies to both NP CUSOs and corporate CUSOs unless otherwise stated. For example, when calculating tier 1 capital under part 704, a corporate credit union must deduct, in part, investments in any “unconsolidated CUSO.” By using the term “CUSO,” instead of the defined terms “corporate CUSO” and “consolidated CUSO,” the proposed rule should be clear that a corporate credit union must deduct unconsolidated investments in both a NP CUSO and a corporate CUSO.
§§ 704.5 Investments, 704.6 Credit Risk Management, and 704.7 Lending
The proposed rule would remove references to corporate CUSOs and instead refer to the general term CUSO because those provisions would continue to apply to a corporate credit union investing in and lending to both NP CUSOs and corporate CUSOs, as explained in detail below in the discussion of the proposed changes to § 704.11.
§ 704.11 Credit Union Service Organizations (CUSOs)
Under the proposed rule, § 704.11 would be reorganized for clarity, however, the substantive requirements for corporate CUSOs would not be amended. The intent of the reorganization is to be clear that certain requirements apply to a corporate credit union's investment in or lending to both NP CUSOs and corporate CUSOs, certain requirements apply only to NP CUSOs, and other requirements apply only to corporate CUSOs.
The proposed rule sets forth the requirements for all corporate credit union investments in or lending to CUSOs. The proposed rule, in § 704.11(a), states that the aggregate investment and lending limits apply regardless of whether a corporate credit union's investment or loan is to a NP CUSO or a corporate CUSO. The proposed rule does not amend the current aggregate limitations on investments and lending.[17] A corporate credit union that has already invested in or loaned the maximum permitted under the current rule would not be authorized to invest or lend any additional money. Instead, such a corporate credit union would have to reallocate its investments or loans if it seeks to make any new investments that are prohibited.
In § 704.11(b), the proposed rule states that all corporate credit union loans to CUSOs are subject to due diligence requirements.[18] The proposed rule, as does the current rule, would require corporate credit unions to comply with certain due diligence requirements from the NCUA's member business loans rule before making a loan to a CUSO. Under the proposed rule, corporate credit unions would be subject to the commercial loan policy and due diligence requirements in the NCUA's member business loans rule [19] for lending to both NP CUSOs and corporate CUSOs. The board-approved policy must ensure corporate credit union lending activities are performed in a safe and sound manner by providing for ongoing control, measurement, and management of CUSO lending. The policy should also include qualifications and experience requirements for personnel involved in underwriting, processing, approving, administering, and collecting loans to CUSOs. The corporate credit union must also have a loan approval process, underwriting standards and risk management processes commensurate with the size, scope and complexity of its CUSO lending. The Board believes these due diligence requirements are the minimum requirements necessary to ensure that corporate credit unions are engaging in safe and sound lending practices. The requirements should not place a new burden on corporate credit unions because any corporate credit union that is currently making a loan to a corporate CUSO should be following these basic safety and soundness principles.
In § 704.11(c), the proposed rule would set forth the regulations governing corporate credit union investment in and lending to NP CUSOs. The proposed rule would state that corporate credit union investment in and lending to NP CUSOs are generally subject to part 712 of this chapter. The intent of this section is to be clear that a CUSO is either governed under part 704 as a corporate CUSO, as discussed below, or subject to part 712 as a NP CUSO. A corporate credit union investment in a CUSO of a state-chartered natural person credit union would also be subject to the requirements in part 712.
In § 704.11(d), the proposed rule, like the current rule, would include safety and soundness requirements for corporate credit union investments in and loans to corporate CUSOs. In general, the proposed rule does not make any substantive changes to the existing prudential requirements. The requirements have been reorganized for clarity and as part of the general restructuring of § 704.11, but are not otherwise substantively amended.[20]
Finally, in § 704.11(e), the proposed rule would include one new prudential requirement for corporate credit union investments in and loans to corporate CUSOs. The proposed rule states that any subsidiary of a corporate CUSO would be automatically designated a corporate CUSO. The proposed rule also would provide that all tiers or levels of a corporate CUSO's structure are subject to the requirements for corporate CUSOs. The Board believes this level of oversight is necessary for all tiers of a corporate CUSO because corporate CUSOs affect not only the health of the investing corporate credit union, but also the health of the credit union system as a whole. Many corporate CUSOs serve natural person credit unions directly. As stated previously, the Board has historically been concerned that some activities might migrate from corporate credit unions to CUSOs and their subsidiaries, and the Board needs to ensure each layer in the corporate structure is subject to certain minimal prudential requirements.
§ 704.19 Disclosure of Executive Compensation
Section 704.19 currently requires that each corporate credit union annually prepare and maintain a document that discloses the compensation of certain employees, including compensation received from a corporate CUSO.[21] The proposal would amend § 704.19 to require that employee compensation from either a NP CUSO or a corporate CUSO must be reported. The Board notes that under the current rule to facilitate this disclosure, § 704.11(g) requires a corporate CUSO to disclose compensation paid to any employees that are also employees of a corporate credit union lending to, or investing in, the CUSO. This provision places the burden of disclosure on the corporate CUSO. The proposed rule, however, would not include a similar requirement for NP CUSOs.[22] Accordingly, the dual employee would be required to disclose his or her compensation from the NP CUSO for the corporate credit union to make the required disclosure.
B. Corporate Credit Union Board Representation
Section 704.14 currently requires that at least a majority of a corporate credit union's board members must serve on the corporate credit union's board as a representative of a member credit union.[23] In addition, any candidate for a position on the board of a corporate credit union must hold a senior management position at a member credit union and hold that position at the time he or she is seated on the board of a corporate credit union. Currently, only an individual who holds the position of chief executive officer, chief financial officer, chief operating officer, or treasurer/manager at a member credit union, and will hold that position at the time he or she is seated on the corporate credit union board if elected, may seek election or re-election to the corporate credit union board.
The proposed rule would expand the credit union officials eligible to serve on a corporate credit union board. The proposed rule would no longer expressly limit the corporate credit union board to the above stated positions and instead would include any person in a senior staff position at a member credit union. The proposed rule would then list the current positions as examples of senior staff positions that are eligible to serve on a corporate credit union board. The proposed rule also would include two new positions, chief information officer and chief risk officer, in the list of examples of senior staff positions eligible to serve on a corporate credit union board.
The Board believes that officials who hold a senior management position at a member credit union are qualified individuals who could offer expertise as a corporate credit union board member. Not only would the corporate credit union members have more flexibility in choosing board members, but expanding eligible senior staff positions, such as chief information officer and chief risk officer, would widen the range of expertise on corporate credit union boards.
C. Enterprise Risk Management
Section 704.21 requires corporate credit unions to develop and follow an enterprise risk management policy.[24] A corporate credit union must also establish an enterprise risk management committee (ERMC) and include an independent risk management expert on the committee. The Board adopted these requirements in 2011 due to concerns that corporate credit unions were not adequately focused on the aggregation of exposures across entire institutions, even though the Board believed that corporate credit unions were adequately focused on individual risk exposures.[25]
The current rule includes several specific requirements regarding the independent risk management expert on the committee. The risk management expert must have at least five years of experience in identifying, assessing, and managing risk exposures.[26] This experience must be commensurate with the size of the corporate credit union and the complexity of its operations. In addition, the current rule provides what constitutes independence. A risk management expert qualifies as independent if: (1) The expert reports to the ERMC and to the corporate credit union's board of directors; (2) neither the expert, nor any immediate family member of the expert, is supervised by or has any material business or professional relationship with the chief executive officer (CEO) of the corporate credit union, or anyone directly or indirectly supervised by the CEO; and (3) neither the expert, nor any immediate family member of the expert, has had any of the previously described relationships for at least the past three years.[27] The Board specifically included experience and independence requirements to ensure the enterprise risk management expert is adequately qualified and not influenced by the operational side of the corporate credit union.[28]
The Board, however, no longer believes that it is necessary for prescriptive experience requirements and for the risk management expert to be independent of the corporate credit union. The Board believes the corporate credit union should have more discretion in choosing an adequate risk management expert. The Board does not believe that a prescriptive five-year experience requirement is necessary. The Board believes that corporate credit unions are in the best position to determine the appropriate level of experience necessary for the position. The proposed rule also would permit the risk management expert to report directly to the ERMC.
Additionally, the Board believes that the effectiveness of risk management practices is driven by a multitude of factors, to include policies, processes, and qualified knowledge. Many corporate credit unions have integrated their enterprise risk management function into their business decision making, and at many corporate credit unions, internal corporate staff possess the skills and experience to capably manage the enterprise risk management program. By and large, corporate credit unions have improved their ability to assess risk and effectively challenge evaluations of risk since the current rule was first adopted. The proposed rule would provide the corporate credit unions flexibility to choose an internal risk management expert instead of engaging an outside consultant.
The Board, however, notes that even though independence is no longer an explicit requirement, for best enterprise risk management practices, the expert should have appropriate stature and authority to effectively manage and lead an enterprise risk management program. The expert must be competent to analyze risks across the institution and have the capability to communicate those risks to the board or ERMC despite potential influence from the operational side of the corporate credit union. The NCUA will evaluate the adequacy of a corporate credit union's enterprise risk management practices through the supervisory process. Sound risk management is a cornerstone responsibility of a credit union's leadership; therefore, CAMEL and risk ratings will incorporate the supervisory team's assessment of this area. Weaknesses in risk management may result in supervisory actions.
D. Natural Person Credit Union Subordinated Debt Instruments
The Board recently issued a proposed rule to permit low-income designated credit unions, complex credit unions, and new credit unions to issue subordinated debt instruments for purposes of regulatory capital treatment (subordinated debt NPR).[29] If the Board adopts the proposed rule as final, it expects additional credit unions to begin issuing subordinated debt instruments. Therefore, the Board believes it is necessary to clarify whether corporate credit unions may purchase such instruments and, if so, the treatment of the investments under part 704.
This proposed rule would create a new definition for the term natural person credit union subordinated debt instrument. The proposed rule would define a natural person credit union subordinated debt instrument as any debt instrument issued by a natural person credit union that is subordinate to all other claims against the credit union, including the claims of creditors, shareholders, and either the National Credit Union Share Insurance Fund (NCUSIF) or the insurer of a privately insured credit union. The Board intends for this definition to include all instruments issued under the subordinated debt NPR.
The Board is clarifying that corporate credit unions may purchase subordinated debt instruments of natural person credit unions under a corporate credit union's lending authority. This authority is derived from their lending authority because subordinated debt instruments are issued under a natural person credit union's borrowing authority. Additionally, natural person credit unions are also permitted to, subject to various restrictions and limits, purchase such subordinated debt instruments from other natural person credit unions under their lending authority. Treating the purchase of such subordinated debt instruments as lending would ensure consistent treatment between natural person credit unions and corporate credit unions. The proposed rule would not explicitly state that a corporate credit union may purchase a natural person credit union subordinate debt instrument because the Board believes corporate credit unions' current lending authority is currently sufficiently broad to include purchasing subordinated debt instruments.
The proposed rule, however, would require that a corporate credit union fully deduct the amount of the subordinated debt instrument from its tier 1 capital to ensure consistent treatment between investments in the capital of other corporate credit unions and natural person credit unions. Corporate credit unions are currently required to deduct from tier 1 capital any investments in perpetual contributed capital and nonperpetual capital accounts that are maintained at other corporate credit unions.[30] The Board believes that investments in natural person credit union subordinated debt instruments should be treated similarly as such instruments may qualify as regulatory capital for the natural person credit union. The Board is also concerned about systemic risk if corporate credit unions own a significant amount of natural person credit union issued subordinated debt. Finally, a natural person credit union subordinated debt instrument would be in a first loss position, even before the NCUSIF and any private insurance fund or entity. Therefore, an involuntary liquidation of the issuing credit union would potentially mean large, and likely total, losses for the holders of those subordinated obligations. The Board believes that fully deducting such instruments from tier 1 capital will ensure any potential losses do not affect the capital position of the investing corporate credit union. This measured approach strikes the right balance between providing corporate credit unions the flexibility to purchase natural person credit union subordinated debt instruments and avoiding undue systemic risk to the credit union system.
E. Approved Corporate CUSO Activities.
Part 704 does not list the permissible activities for corporate CUSOs in the regulatory text of part 704 of the Code of Federal Regulations, unlike part 712, which does so for NP CUSOs.[31] Instead, § 704.11 requires that, generally, a corporate CUSO must agree that it will limit its services to brokerage services, investment advisory services, and other categories of services as preapproved by NCUA and published on NCUA's website.[32] A CUSO that desires to engage in an activity not preapproved by NCUA can apply to NCUA for that approval. To increase transparency and make it easier for corporate credit unions to determine if an activity has previously been determined by the Board to be permissible, the proposed rule would replace the permissible activities list from the NCUA website with a new appendix to part 704. The proposed rule would include a new Appendix D, which would reprint the current list of permissible activities and conditions for corporate CUSO activities. The Board is not proposing any amendments to the list at this time. In the future, the Board would make any additions or changes to the list by amending Appendix D through a rulemaking.
F. Definition of Collateralized Debt Obligation.
Corporate credit unions are prohibited from purchasing certain overly complex or leveraged investments, including collateralized debt obligations (commonly referred to as CDOs).[33] Under the current rule, the term CDO means a debt security collateralized by mortgage-backed securities, other asset-backed securities, or corporate obligations in the form of nonmortgage loans or debt. The term does not include: (1) Senior tranches of Re-REMICs consisting of senior mortgage- and asset-backed securities; (2) Any security that is fully guaranteed as to principal and interest by the U.S. Government or its agencies or its sponsored enterprises; or (3) Any security collateralized by other securities where all the underlying securities are fully guaranteed as to principal and interest by the U.S. Government or its agencies or its sponsored enterprises.[34] The proposed rule would amend the definition of CDO to clarify that the definition includes both loans and debt securities. The proposed rule would change the defined term to “collateralized loan or debt obligation,” but would not otherwise amend the definition. The NCUA Board is aware that there has been confusion among industry participants concerning whether collateralized loans meet the definition and are therefore prohibited. The Board believes amending the name of the defined term clarifies the Board's intent.
G. Net Interest Income Modeling
Under the current rule, a corporate credit union must perform net interest income (NII) modeling to project earnings in multiple interest rate environments for a period of no less than two years.[35] NII modeling must, at minimum, be performed quarterly, including once on the last day of the calendar quarter. The proposed rule would make a change to the timeframe for NII. Under the proposed rule, a corporate credit union would not be required to perform NII modeling for two years and instead would only be required to perform modeling for one year.
The Board is proposing to amend the requirements for NII given that corporate credit unions are also subject to weighted average life (WAL) limits, which limit asset maturities to less than two years.[36] Under the current rule, a corporate credit union must test its financial assets at least quarterly, including once on the last day of the calendar quarter, for compliance with this limitation. If the WAL of a corporate credit union's assets exceeds two years on the testing date, this test must be calculated at least monthly, including once on the last day of the month, until the WAL is below two years.
The Board believes that NII modeling performed over a longer period than the WAL limits for asset maturities is less useful because the corporate credit union would also have to estimate what reinvestments would occur over the two-year period beyond simply estimating interest cash flows on assets. In addition, corporate credit unions already conduct net economic value analyses which capture a long-term view of interest rate risk. The Board believes that NII modeling over a one-year period sufficiently captures a corporate credit union's short-term interest rate risk.
III. Request for Comment on the Proposed Rule
The above proposed changes are consistent with the Board's ongoing efforts to reduce regulatory burden while assuring that corporate credit unions operate in a safe and sound manner. The Board welcomes comment on all aspects of the proposal. The Board is particularly interested in comments on the proposed thresholds and definitions and is willing to consider alternatives. The Board is requesting comment specifically on the following questions.
1. Is the proposed definition of corporate CUSO appropriate? Does it capture the types of corporate credit union investments most likely to pose systemic risk to the credit union system? The Board is willing to consider amendments to the definition of corporate CUSO.
2. The proposed definition of a corporate CUSO states that if a corporate credit owns 25 percent or more of a CUSO's contributed equity, stock, or membership interests, then the CUSO is a corporate CUSO. Please comment on whether 25 percent is an appropriate threshold for control. Should the Board consider a higher or lower threshold? The Board is willing to consider alternative thresholds for the definition of corporate CUSO. The Board notes that for some purposes the Federal Deposit Insurance Corporation defines control as low as 10 percent of an institution's common stock.
3. How do corporate credit unions structure their investment in CUSOs? Is it generally through stock? Contributed equity? Membership interests? Are there any types of typical ownership interests excluded from the corporate CUSO definition?
4. The proposed rule would not require NP CUSOs to disclose compensation paid to any employees that are also employees of a corporate credit union lending to, or investing in, the CUSO. Are corporate credit unions able to comply with their annual compensation disclosure without receiving the information from NP CUSOs?
5. Instead of requiring a deduction from capital due to the investment in a subordinated debt instrument, should the Board prohibit a corporate credit union from investing in such an instrument? Prohibiting an investment would limit a corporate credit union's flexibility, but would further reduce the potential for systemic risk. Please discuss the definition of natural person credit union subordinated debt instrument. Does it appropriately capture the subordinated debt instruments issued by natural person credit unions that are most likely to pose systemic risk? The Board is open to alternative treatments for a corporate credit union's investment in subordinated debt instruments.
6. Would a one-year window for NII modeling provide credit unions with a more accurate window to project earnings? Should the Board consider other timeframes to balance the accuracy of projections with the need for corporate credit unions to understand its interest rate risk? The Board is willing to consider alternative time periods for NII.
VII. Regulatory Procedures
Regulatory Flexibility Act
The Regulatory Flexibility Act (RFA) generally requires that, in connection with a notice of proposed rulemaking, an agency prepare and make available for public comment an initial regulatory flexibility analysis that describes the impact of a proposed rule on small entities (defined for purposes of the RFA to include credit unions with assets less than $100 million).[37] A regulatory flexibility analysis is not required, however, if the agency certifies that the rule will not have a significant economic impact on a substantial number of small entities and publishes its certification and a short, explanatory statement in the Federal Register together with the rule.
This proposed rule would not have a significant economic impact on a substantial number of small entities. There are no corporate credit unions under $100 million in assets. Therefore, the Board certifies that the rule will not have a significant economic impact on a substantial number of small entities.
Paperwork Reduction Act
The Paperwork Reduction Act of 1995 (PRA) applies to information collection requirements in which an agency creates a new paperwork burden on regulated entities or modifies an existing burden. For purposes of the PRA, a paperwork burden may take the form of a reporting, recordkeeping, or third-party disclosure requirement, each referred to as an information collection. The NCUA may not conduct or sponsor, and the respondent is not required to respond to, an information collection unless it displays a currently valid Office of Management and Budget (OMB) control number.
The proposed rule will amend 12 CFR part 704, in part, to address minimal investments by a corporate credit union in a CUSO without the CUSO being classified as a corporate CUSO. The information collection requirements associated with this provision are cleared under OMB control number 3133-0129 and there are no other new information collection requirements associated with this proposed rule.
Executive Order 13132
Executive Order 13132 encourages independent regulatory agencies to consider the impact of their actions on state and local interests. In adherence to fundamental federalism principles, the NCUA, an independent regulatory agency as defined in 44 U.S.C. 3502(5), voluntarily complies with the principles of the executive order. This rulemaking will not have a substantial direct effect on the states, on the connection between the national government and the states, or on the distribution of power and responsibilities among the various levels of government. The NCUA has determined that this proposal does not constitute a policy that has federalism implications for purposes of the executive order.
Assessment of Federal Regulations and Policies on Families
The NCUA has determined that this proposed rule will not affect family well-being within the meaning of section 654 of the Treasury and General Government Appropriations Act, 1999, Public Law 105-277, 112 Stat. 2681 (1998).
List of Subjects in 12 CFR Part 704
- Credit unions
- Corporate credit unions
- Reporting and recordkeeping requirements
By the National Credit Union Administration Board on February 20, 2020.
Gerard Poliquin,
Secretary of the Board.
For the reasons discussed above, the Board proposes to amend 12 CFR part 704, as follows:
PART 704—CORPORATE CREDIT UNIONS
1. The authority citation for part 704 continues to read as follows:
Authority: 12 U.S.C. 1766(a), 1781, and 1789.
2. In § 704.2:
a. Revise the definition of Collateralized Debt Obligation, Consolidated Credit Union Service Organization and Tier 1 Capital; and
b. Add definitions for Corporate CUSO, Credit Union Service Organization (CUSO), and Natural Person Credit Union Subordinated Debt Instrument, in alphabetical order, to read as follows:
Collateralized Debt and Loan Obligation (CDLO) means a debt security collateralized by mortgage-backed securities, other asset-backed securities, or corporate obligations in the form of nonmortgage loans or debt. For purposes of Part 704, the term CDLO does not include:
(1) Senior tranches of Re-REMIC's consisting of senior mortgage-and asset-backed securities;
(2) Any security that is fully guaranteed as to principal and interest by the U.S. Government or its agencies or its sponsored enterprises; or
(3) Any security collateralized by other securities where all the underlying securities are fully guaranteed as to principal and interest by the U.S. Government or its agencies or its sponsored enterprises.
Consolidated Credit Union Service Organization (Consolidated CUSO) means any CUSO the assets of which are consolidated with those of the corporate credit union for purposes of reporting under Generally Accepted Accounting Principles (GAAP). Generally, consolidated CUSOs are majority-owned CUSOs.
Corporate CUSO means a CUSO, as defined in part 712, that:
(1) Is a consolidated CUSO;
(2) A corporate credit union has the power, directly or indirectly, to direct the CUSO's management or policies;
(3) A corporate credit union owns 25 percent or more of the CUSO's contributed equity, stock, or membership interests; or
(4) The aggregate corporate credit union ownership meets or exceeds 50 percent of the CUSO's contributed equity, stock, or membership interests.
Credit union service organization (CUSO) means both a CUSO under part 712 and a corporate CUSO under part 704.
Natural Person Credit Union Subordinated Debt Instrument is any debt instrument issued by a natural person credit union that is subordinate to all other claims against the credit union, including the claims of creditors, shareholders, and either the National Credit Union Share Insurance Fund or the insurer of a privately insured credit union.
Tier 1 capital means the sum of items in paragraphs (1) and (2) of this definition from which items in paragraphs (3) through (7) are deducted:
(1) Retained earnings;
(2) Perpetual contributed capital;
(3) Deduct the amount of the corporate credit union's intangible assets that exceed one half percent of its moving daily average net assets (however, the NCUA may direct the corporate credit union to add back some of these assets on the NCUA's own initiative, or the NCUA's approval of petition from the applicable state regulator or application from the corporate credit union);
(4) Deduct investments, both equity and debt, in unconsolidated CUSOs;
(5) Deduct an amount equal to any PCC or NCA that the corporate credit union maintains at another corporate credit union;
(6) Deduct any amount of PCC received from federally insured credit unions that causes PCC minus retained earnings, all divided by moving daily average net assets, to exceed two percent when a corporate credit union's retained earnings ratio is less than two and a half percent; and
(7) Deduct any natural person credit union subordinated debt instrument held by the corporate credit union.
3. Revise § 704.5(c)(3) to read as follows:
(c) * * *
(1) * * *
(2) * * *
(3) CUSOs, subject to the limitations of § 704.11;
4. In § 704.6(c)(2)(vi), remove the word “corporate” before the word “CUSO.”
5. In § 704.7, remove the word “corporate” before the word “CUSO” each place the word appears.
6. In § 704.8(e) replace the phrase “no less than 2 years” with “no less than 1 year.”
7. Revise § 704.11 to read as follows:
(a) Investment and loan limitations. (1) The aggregate of all investments in member and non-member CUSOs that a corporate credit union may make must not exceed 15 percent of a corporate credit union's total capital.
(2) The aggregate of all investments in and loans to member and nonmember CUSOs a corporate credit union may make must not exceed 30 percent of a corporate credit union's total capital. A corporate credit union may lend to member and nonmember CUSOs an additional 15 percent of total capital if the loan is collateralized by assets in which the corporate has a perfected security interest under state law.
(3) If the limitations in paragraphs (a)(1) and (a)(2) of this section are reached or exceeded because of the profitability of the CUSO and the related GAAP valuation of the investment under the equity method without an additional cash outlay by the corporate, divestiture is not required. A corporate credit union may continue to invest up to the regulatory limit without regard to the increase in the GAAP valuation resulting from the CUSO's profitability.
(b) Due diligence. A corporate credit union must comply with the commercial loan policy and due diligence requirements of § 723.4 of this chapter for all loans to CUSOs.
(c) Requirements for CUSOs that are not corporate CUSOs. Corporate credit union investments in and lending to CUSOs that are not corporate CUSOs are subject to part 712 of this chapter, except that investment and loan limitations and due diligence requirements are governed by this section.
(d) Requirements for Corporate CUSOs. Corporate credit union authority to invest in or loan to a corporate CUSO is limited to that provided in this section.
( 1 ) Structure. A corporate CUSO must be structured as a corporation, limited liability company, or limited partnership under state law.
( 2 ) Separate entity. (i) A corporate CUSO must be operated as an entity separate from a corporate credit union.
(ii) A corporate credit union investing in or lending to a corporate CUSO must obtain a written legal opinion that concludes the corporate CUSO is organized and operated in a manner that the corporate credit union will not reasonably be held liable for the obligations of the corporate CUSO. This opinion must address factors that have led courts to “pierce the corporate veil,” such as inadequate capitalization, lack of corporate identity, common boards of directors and employees, control of one entity over another, and lack of separate books and records.
( 3 ) Permissible activities. (i) A corporate CUSO must agree to limit its activities to:
(1) Brokerage services,
(2) Investment advisory services, and
(3) Other categories of activities as approved in writing by NCUA and as reflected in Appendix D.
(ii) Once the NCUA has approved an activity and published that activity on its website, the NCUA will not remove that particular activity from the approved list, or make substantial changes to the content or description of that approved activity, except through the formal rulemaking process.
( 4 ) Compensation Restrictions. An official of a corporate credit union which has invested in or loaned to a corporate CUSO may not receive, either directly or indirectly, any salary, commission, investment income, or other income, compensation, or consideration from the corporate CUSO. This prohibition also extends to immediate family members of officials.
( 5 ) Written Agreement between the Corporate Credit Union and Corporate CUSO. Prior to making an investment in or loan to a corporate CUSO, a corporate credit union must obtain a written agreement that the corporate CUSO:
(i) Will follow GAAP;
(ii) Will provide financial statements to the corporate credit union at least quarterly;
(iii) Will obtain an annual CPA opinion audit and provide a copy to the corporate credit union. A consolidated CUSO is not required to obtain a separate annual audit if it is included in the corporate credit union's annual audit;
(iv) Will provide the reports as required by § 712.3(d)(4) and (5) of this chapter;
(v) Will not acquire control, directly or indirectly, of another depository financial institution or to invest in shares, stocks, or obligations of an insurance company, trade association, liquidity facility, or similar organization;
(vi) Will allow the auditor, board of directors, and NCUA complete access to the CUSO's personnel, facilities, equipment, books, records, and any other documentation that the auditor, directors, or NCUA deem pertinent;
(vii) Will inform the corporate, at least quarterly, of all the compensation paid by the CUSO to its employees who are also employees of the corporate credit union; and
(viii) Will comply with all the requirements of this section.
(e) Subsidiary Restrictions. Any subsidiary of a corporate CUSO is automatically designated a corporate CUSO and subject to all the requirements of this section. The requirements of this section apply to all tiers or levels of a corporate CUSO's structure.
8. Revise § 704.14(a)(2) to read as follows:
(a) * * *
(1) * * *
(2) Only an individual who currently holds a senior staff position (e.g., position of chief executive officer, chief financial officer, chief operating officer, chief information officer, chief risk officer, treasurer/manager, etc.) at a member credit union, and will hold that position at the time he or she is seated on the corporate credit union board if elected, may seek election or re-election to the corporate credit union board;
9. In § 704.19, remove the word “corporate” before the word “CUSO”.
10. In § 704.21, revise paragraph (c) and remove paragraphs (d) and (e) to read as follows:
(a) * * *
(b) * * *
(c) The ERMC must include at least one risk management expert who can report directly to the board of directors. The risk management expert's experience must be commensurate with the size of the corporate credit union and the complexity of its operations.
11. Add Appendix D to read as follows:
Appendix D: Approved Corporate CUSO Activities.
Category—Clerical, Professional, & Management
A corporate CUSO may engage in the following clerical, professional, and management activities:
1. Business Consulting Services: Offering consulting services in support of business development, strategic planning, industry analysis, and operational efficiency.
2. Human Resources Services: Services addressing human capital needs, reporting, and management considerations to include development of policies, procedures, and employee manuals.
3. Insurance Brokerage or Agency Referrals: Making third party insurance services or products available. This may include endorsing a product or service, negotiating group discounts and making referrals.
4. Marketing and Research Services: Systematically gathering, recording, and analyzing data about issues relating to marketing credit union products and services to identify and assess how changing elements of the marketing mix affect member behavior. Producing reports of research, making recommendations for marketing strategies, and other similar market and research services.
5. Payroll Services: Management of payroll processing, reporting, and tax filing;
6. Training Services: Furnishing pre-packaged training products, developing new or customizing existing training products/modules, and facilitating education and training of credit union staff.
7. Audit & Compliance Consulting Services: Performing, as requested and agreed upon in predetermined scope arrangement, audits (internal, operational, financial, or compliance). Providing education and consultation services for developing statutory and regulatory compliance programs related to the Bank Secrecy Act, Anti Money Laundering provision, Office of Foreign Asset Control, and U.S. Patriot Act.
8. Product Development Services: Research and development of products and services specific to the needs of credit unions and their members/consumers.
A corporate credit union may engage in the following currency services:
1. Coin and Currency Services: Providing replenishment or deposit of excess coin and cash. This may include vault cash orders, ATM replenishments, and other similar services. Coin and currency services may be offered through agreement with another financial institution, direct with the Federal Reserve, through an armored car service agreement, or other similar arrangement.
2. A corporate credit union may only engage in coin and currency services if it meets the following conditions:
a. Maintain bond/liability insurance as appropriate.
b. Annually provide OCCU copy of bond/liability insurance.
A corporate credit union may engage in the following data processing services:
1. Electronic Document Management: Providing document and record management systems which may allow for document archival, reporting, secure remote access, and similar services.
2. Core processing: Offering a back-end system in a service bureau environment used to process and record daily transactions, and post updates to accounts and other financial records. This typically includes deposit, loan and credit-processing capabilities, with interfaces to general ledger systems and reporting tools, and may allow for or integrate with front-end member access platforms, subject to the following conditions:
a. Maintain business recovery plan ensuring uninterrupted operations.
b. Maintain bond/liability insurance appropriate for activity.
c. Adhere to AICPA audit standards for reporting on controls at a service organization.
d. Annually provide OCCU copy of bond/liability insurance, business contingency plans & test results.
A corporate credit union may engage in the following lending and deposit services:
1. Business Banking—Consulting and Turnkey Services: Provide either in-house, or through turnkey operation, suite of financial products. Products may include loan products, risk monitoring, and consulting services for business loan, deposit, payment and cash management products, provided that the corporate CUSO comply with the Member Business Loan Regulation—Part 723 of the NCUA Rules and Regulations.
2. Business loan origination: Provide business loan consulting and origination services. Examples of business loan origination include commercial real estate, term loans, lines of credit, construction, agriculture, SBA loans, and loan participation servicing and brokering, provided that the corporate CUSO comply with the Member Business Loan Regulation—Part 723 of the NCUA Rules and Regulations.
3. Business Loan Support Services: Provide business loan processing and sales to include pre- and post closing underwriting, risk monitoring reports, document preparation, and servicing. Loan support services may also include debt collection services and sale of repossessed collateral.
A corporate credit union may engage in the following payments and electronic transaction services:
1. Automated Clearing House (ACH): Providing services for the receipt, processing, distribution, and settlement of electronic credits and debits among financial institutions for final posting to business entities, credit unions and members/consumers. Activities include receipt of ACH files; file distribution; receipt and processing of returned items and notification of change files; offering and/or processing ACH origination files; assisting with ACH exceptions and transaction disputes; providing settlement of ACH files; and other similar ACH services, subject to the following conditions:
a. Restrict CUSO ownership to one corporate unless approved by NCUA.
b. Comply with NACHA rules.
c. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
d. Comply with the Security Program Requirements—Part 748 to safeguard consumer information.
e. Maintain bond/liability insurance as appropriate.
f. Adhere to AICPA audit standards for reporting on controls at a service organization.
g. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results.
h. Utilize distributed settlement model if providing services to other corporate credit unions.
2. Wire Transfer Services (Domestic and International): Electronically transferring funds through the Federal Reserve Bank, other financial institution, or other similar third-party funds transfer agent (i.e., Western Union, etc.) directly to a domestic or foreign financial institution or receiving transfer agent with final credit to business entities, credit unions, and member/consumers, subject to the following conditions:
a. Restrict CUSO ownership to one corporate unless approved by NCUA.
b. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
c. Comply with the Security Program Requirements—Part 748 to safeguard consumer information.
d. Comply with NCUA and FFIEC Guidance for Authentication in an Internet Banking Environment as applicable.
e. Prefund transactions prior to processing.
f. Maintain bond/liability insurance as appropriate.
g. Adhere to AICPA audit standards for reporting on controls at a service organization.
h. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results.
3. Forward Check Collection/Remote Deposit Capture Services: Offering a suite of image, electronic, and paper forward check processing, collection, clearing, settlement, adjustment, and reporting services. Deposit processing may occur as either “traditional” paper processing, electronic truncation, or image capture, processing, and transmission of check images from remote or centralized locations. Remote deposit capture services may include branch, teller, merchant, ATM, and consumer capture, and other similar forward check collection services. Activities may include resale of equipment through negotiated agreement, bundled services, and support agreements, subject to the following conditions:
a. Restrict CUSO ownership to one corporate unless approved by NCUA.
b. Comply with Federal Reserve Operating circulars and/or image clearing house operating agreements.
c. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
d. Comply with the Security Program Requirements—Part 748 to safeguard consumer information.
e. Comply with NCUA and FFIEC Guidance for Authentication in an Internet Banking Environment as applicable.
f. Maintain bond/liability insurance as appropriate.
g. Adhere to AICPA audit standards for reporting on controls at a service organization.
h. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results.
i. Utilize distributed settlement model if providing services to other corporate credit unions.
4. Share Draft (Check) Processing: Offering inclearing services for the receipt and processing of share drafts (checks) either as electronic images or physical checks received from the Federal Reserve Bank, image exchange networks, or through direct presentment arrangements with other financial institutions. Services include receipt and processing of inclearing checks for file distribution, processing of return files, adjustments, dispute resolution assistance, financial settlement of files, and other similar services, subject to the following conditions:
a. Restrict CUSO ownership to one corporate unless approved by NCUA.
b. Comply with Federal Reserve Operating circulars and/or image clearing house operating agreements.
c. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
d. Comply with the Security Program Requirements—Part 748 to safeguard consumer information.
e. Comply with NCUA and FFIEC Guidance for Authentication in an Internet Banking Environment as applicable.
f. Maintain bond/liability insurance as appropriate.
g. Adhere to AICPA audit standards for reporting on controls at a service organization.
h. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results.
i. Utilize distributed settlement model if providing services to other corporate credit unions.
5. Share Draft, Check Imaging, and Archival Services: Providing services for capturing and storing images of physical share drafts or checks for the purpose of facilitating forward check collection, maintaining electronic archives, and facilitating electronic access to check images for consumers' statements, integration with internet banking websites, and other similar purposes. Service may also include creating copies of archival history to facilitate “in-house” storage or transfers to new third-party service providers, subject to the following conditions:
a. Restrict CUSO ownership to one corporate unless approved by NCUA.
b. Comply with Federal Reserve Operating circulars and/or image clearing house operating agreements.
c. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
d. Comply with the Security Program Requirements—Part 748 to safeguard consumer information.
e. Comply with NCUA and FFIEC Guidance for Authentication in an internet Banking Environment as applicable.
f. Maintain bond/liability insurance as appropriate.
g. Adhere to AICPA audit standards for reporting on controls at a service organization.
h. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results.
6. Share Draft Fraud and Risk Management Services: Offering complementary services for share draft processing designed to identify and prevent checking account fraud and losses during the share draft clearing process, subject to the following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
b. Comply with the Security Program Requirements—Part 748 to safeguard consumer information.
c. Maintain bond/liability insurance as appropriate.
d. Adhere to AICPA audit standards for reporting on controls at a service organization.
e. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results.
7. Official Check Services: Offering business share drafts (checks), official checks, and money order programs to include processing, clearing, and settlement of items, maintaining list of issued drafts, and providing daily reports for reconciliation, subject to the following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
b. Comply with the Security Program Requirements—Part 748 to safeguard consumer information.
c. Maintain bond/liability insurance as appropriate.
d. Adhere to AICPA audit standards for reporting on controls at a service organization.
e. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results.
8. Lockbox & Remittance Services: Providing wholesale or small batch retail remittance processing services. Service includes receiving and processing payments, providing reports or files of activity, depositing of funds, and forward collection of items, subject to the following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
b. Comply with the Security Program Requirements—Part 748 to safeguard consumer information.
c. Maintain bond/liability insurance as appropriate.
d. Adhere to AICPA audit standards for reporting on controls at a service organization.
e. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results.
9. Online & Mobile Banking: Offering internet-based technological services which may provide real-time, 24/7 access to consumers' financial information. This includes the ability to manage a variety of transactional and non-transactional activities within and between accounts which may include electronic transfers, payments, on-line loan applications, and other similar banking activities. Access to accounts may be through internet web applications and/or portable electronic devices, subject to the following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
b. Comply with the Security Program Requirements—Part 748 to safeguard consumer information.
c. Comply with NCUA and FFIEC Guidance for Authentication in an internet Banking Environment as applicable.
d. Maintain bond/liability insurance as appropriate.
e. Adhere to AICPA audit standards for reporting on controls at a service organization.
f. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results.
10. Bill Pay and Electronic Bill Presentment and Payment (EBPP) Services: Offering services to allow consumers to send money to a creditor or vendor to be credited against a specific account. Bill payments may be executed electronically, via paper check or banker's draft, or other similar electronic payment means. Services may also include electronically presenting bills and/or billing statements, subject to the following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
b. Comply with the Security Program Requirements—Part 748 to safeguard consumer information.
c. Comply with NCUA and FFIEC Guidance for Authentication in an internet Banking Environment as applicable.
d. Maintain bond/liability insurance as appropriate.
e. Adhere to AICPA audit standards for reporting on controls at a service organization.
f. Annually provide OCCU copy of bond/liability insurance, report on controls at a service organization, business continuity plans and test results.
11. Electronic Statements/Paper Statements: Providing electronic and paper delivery of periodic account statements, subject to the following conditions:
a. Comply with the Security Program Requirements—Part 748 to safeguard consumer information.
b. Comply with NCUA and FFIEC Guidance for Authentication in an internet Banking Environment as applicable.
c. Maintain bond/liability insurance as appropriate.
d. Annually provide OCCU copy of bond/liability insurance, business continuity plans and test results.
12. Credit Card, Debit Card, and Gift or Prepaid Card Program Services: Offering debit, credit, and gift or prepaid card programs and processing to include: access to card networks and gateways, authorization and settlement of signature debit transactions, including settlement of related funds; fraud monitoring, risk management, and case support services to include neural networks and charge-back processing services; back office card support and management, reconciliation of daily settlement and adjustment processing; card maintenance, issuance, and transaction reports; card program project management and implementation; and other similar services. Gift or prepaid cards may be reloadable or non-reloadable, subject to the following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
b. Maintain bond/liability insurance as appropriate.
c. Maintain and certify compliance with current PCI/DSS (Payment Card Industry/Data Security Standards).
d. Maintain neural network or other industry standard fraud detection system.
e. Comply with network processing agreements and standards.
f. Adhere to AICPA audit standards for reporting on controls at a service organization.
g. Annually provide OCCU copy of bond/liability insurance, business continuity plans and test results, report on controls at a service organization, and PCI/DSS compliance certification.
13. Automated Teller Machine (ATM), Electronic Funds Transfer (EFT), and Point of Sale (POS) Services and Networks: Offering programs that allow access to a network of EFT terminals and ATMs to initiate PIN-based debit or ATM card transactions. ATM services include utilizing a shared ATM network, setting up a private ATM network, monitoring of ATM connectivity and availability, including the management of telecom circuits and modems, assisting with the implementation of new ATMs, ensuring data security and integrity, providing network access, authorization of PIN transactions completed at ATMs, including settlement of related funds. Other services include fraud monitoring of PIN transactions, adjustment and dispute resolution processing to include card blocking, chargeback processing, related research and other similar services, subject to the following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
b. Maintain bond/liability insurance as appropriate.
c. Maintain and certify compliance with current PCI/DSS.
d. Maintain neural network or other industry standard fraud detection system.
e. Comply with network processing agreements and standards.
f. Adhere to AICPA audit standards for reporting on controls at a service organization.
g. Annually provide OCCU copy of bond/liability insurance, business continuity plans and test results, report on controls at a service organization, and PCI/DSS compliance certification.
14. Shared Branching Services: Providing for the sharing of infrastructure to establish a private, secure, cooperative processing network that accepts transactions from members of participating credit unions. Shared branching functionality includes conducting deposits, account balance inquiries, and check cashing, and requesting funds transfers, official checks, or other similar services, subject to the following conditions:
a. Maintain Business Continuity/Disaster Recovery plan ensuring uninterrupted operations.
b. Comply with the Security Program Requirements—Part 748 to safeguard consumer information.
c. Comply with NCUA and FFIEC Guidance for Authentication in an internet Banking Environment as applicable.
d. Maintain and certify compliance with current PCI/DSS network standards or other similar shared network security standard, if applicable.
e. Maintain bond/liability insurance as appropriate.
f. Adhere to AICPA audit standards for reporting on controls at a service organization.
g. Annually provide OCCU copy of bond/liability insurance, business continuity plans and test results, report on controls at a service organization, and PCI/DSS compliance certification, if applicable.
A corporate credit union may engage in the following information technology services:
1. Web Development, Hosting, & Content Management: Developing and designing non-transaction public websites, private or internal websites, and web applications. Website hosting to include maintaining the servers and html code for public and private websites, intranets, and Web applications used on customer websites. Offering web content management (WCM) systems to simplify the publication of web content and updates to websites and mobile devices, subject to the following conditions:
a. Maintain business recovery plan ensuring uninterrupted operations.
b. Maintain bond/liability insurance appropriate for activity.
c. Adhere to AICPA audit standards for reporting on controls at a service organization.
d. Annually provide OCCU copy of bond/liability insurance, business contingency plans & test results.
2. Web Authentication & Security Monitoring: Web security and monitoring services such as authentication and encryption of passwords and other similar techniques for secure member login to intranets, extranets, and private websites; host based intrusion protection and detection; log monitoring; hacker-safe monitoring programs; and configuration and daily administration web security and other similar monitoring services, subject to the following conditions:
a. Comply with the Security Program Requirements—Part 748 of the NCUA Rules and Regulations.
b. Comply with NCUA and FFIEC Guidance for Authentication in an internet Banking Environment as applicable.
c. Maintain bond/liability insurance appropriate for activity.
d. Adhere to AICPA audit standards for reporting on controls at a service organization.
e. Annually provide OCCU copy of bond/liability insurance, business contingency plans & test results.
3. Software Systems Development/Application Programming Interface (API) Development: Designing, coding, testing and updating custom software system data programs and other code (e.g., scripts). Application Programming Interface (API) development includes developing, testing, and updating custom applications which interface with other existing systems and applications such as core processing systems, subject to the following conditions:
a. Comply with the Security Program Requirements—Part 748 of the NCUA Rules and Regulations.
b. Conduct independent code review for custom software systems and applications.
c. Adhere to audit standards for third-party service providers.
d. Maintain source code for custom developed software systems in escrow or in similar arrangement.
4. Secure Collaboration Services: Programs, systems, or sites for establishing secure communication channels for private document storage and distribution, and dissemination of confidential or sensitive information for the purpose of collaboration between authorized parties, provided that the corporate CUSO complies with the Security Program Requirements—Part 748 of the NCUA Rules and Regulations.
5. Information Technology (IT) Consulting and Management Services: Consulting and management services for IT infrastructure design and architecture, system security, administration, support, resource management and monitoring. Services include offering Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and planning and management, and the provisioning of hardware and software for business continuity planning to include online data backup and recovery services, subject to the following conditions:
a. Comply with the Security Program Requirements—Part 748 and Records Preservation Program and Records Retention Appendix—Part 749 of the NCUA Rules and Regulations.
b. Maintain bond/liability insurance appropriate for activity.
c. Annually provide OCCU copy of bond/liability insurance, vendor due diligence reports, security program, business contingency plans & test results.
A corporate credit union may engage in the following investment/ALM services:
1. Asset Liability Management (ALM) Consulting, Advisory, and Reporting Services: Consulting, advisory, and reporting services for balance sheet and interest rate risk management. This includes ALM interest rate risk modeling, measurement, and reporting; ALM model validation services; consulting services for ALM policy development, core deposit studies, lending pool analysis and valuations, and other similar services.
Footnotes
1. 12 U.S.C. 1751 et seq.
Back to Citation3. 12 U.S.C. 1789.
Back to Citation5. 12 CFR part 704.
Back to Citation6. 75 FR 64786 (Oct. 20, 2010).
Back to Citation7. See e.g., 80 FR 25932 (May 6, 2015), 80 FR 57283 (Sept. 23, 2015), and 82 FR 55497 (Nov. 22, 2017).
Back to Citation8. 82 FR 55497 (Nov. 22, 2017).
Back to Citation9. See, https://www.ncua.gov/regulation-supervision/rules-regulations/regulatory-review.
Back to Citation10. See, 12 CFR 704.11(e).
Back to Citation11. 12 CFR 704.11(a).
Back to Citation12. For example, the permissible activities for a corporate CUSO are more limited than the permissible activities for a NP CUSO. A corporate CUSO may seek Board permission to engage in additional activities, but the process can be burdensome. In addition, corporate CUSOs are also subject to more rigorous NCUA oversight. A corporate CUSO must agree to give the NCUA complete access to its personnel, facilities, equipment, books, records, and other documentation that the NCUA deems pertinent. In contrast, NP CUSOs must provide the NCUA with complete access to its books and records and the ability to review its internal controls, as deemed necessary by the NCUA. Finally, corporate CUSOs must provide quarterly financial statements to the corporate credit union. In contrast, NP CUSOs must prepare quarterly financial statements, but do not have to provide the statements to FCUs.
Back to Citation13. 74 FR 65210 (Dec. 9, 2009).
Back to Citation14. Id.
Back to Citation15. 12 CFR 704.11(a).
Back to Citation16. The proposed definition is related to the definition of control in the Federal Deposit Insurance Act for notices filed under the Change in Bank Control Act. 12 U.S.C. 1817(j).
Back to Citation17. 12 CFR 704.11(b). In general, the aggregate of all investments in corporate CUSOs that a corporate credit union may make must not exceed 15 percent of a corporate credit union's total capital. The aggregate of all investments in and loans to corporate CUSOs that a corporate credit union may make must not exceed 30 percent of a corporate credit union's total capital. A corporate credit union may lend to corporate CUSOs an additional 15 percent of total capital if the loan is collateralized by assets in which the corporate has a perfected security interest under state law.
Back to Citation18. 12 CFR 704.11(c). The current rule includes a cross-reference to due diligence requirements in the member business loan rule. The member business loan rule, however, was updated in 2015 and the cross-referenced requirements have been removed. Accordingly, the proposed rule would update the cross references to reflect the revised member business loan rule.
Back to Citation19. 12 CFR 723.4.
Back to Citation20. The proposed rule would include a few non-substantive language changes that are only intended to streamline the provision and enhance clarity.
Back to Citation21. 12 CFR 704.19(a).
Back to Citation22. The Board notes, however, that part 712 prohibits officials and senior management employees, and their immediate family members of an FCU with an outstanding loan or investment from receiving any salary, commission, investment income, or other income or compensation from the CUSO, either directly or directly. 12 CFR 712.8.
Back to Citation23. 12 CFR 704.14.
Back to Citation24. 12 CFR 704.21.
Back to Citation25. 76 FR 23861 (Apr. 29, 2011) and 80 FR 25932 (May 6, 2015).
Back to Citation26. 12 CFR 704.21(c).
Back to Citation27. 12 CFR 704.21(d).
Back to Citation28. 76 FR 23861 (Apr. 29, 2011).
Back to Citation29. Available at, https://www.ncua.gov/files/publications/regulations/proposed-rule-subordinated-debt.pdf (Feb. 7, 2020).
Back to Citation30. See the definition of tier 1 capital in 12 CFR 704.2.
Back to Citation31. 12 CFR 712.5(b).
Back to Citation32. https://www.ncua.gov/regulation-supervision/corporate-credit-unions/corporate-cuso-activities/approved-corporate-cuso-activities.
Back to Citation33. The prohibition on purchasing CDOs was intended to protect corporate credit unions from the potential for excessive investment losses. 75 FR 64786, 64793 (Oct. 20, 2010).
Back to Citation34. 12 CFR 704.2.
Back to Citation35. 12 CFR 704.8(e).
Back to Citation36. 12 CFR 704.8(f).
Back to Citation37. See 80 FR 57512 (Sept. 24, 2015).
Back to Citation[FR Doc. 2020-03837 Filed 3-26-20; 8:45 am]
BILLING CODE 7535-01-P