The Federal Reserve Bank of San Francisco
Home Careers Fed Links Subscriptions
Banking Information

District Circular Letters

March 6, 2001

BANKING SUPERVISION AND REGULATION:
COMMENT PERIOD EXTENDED ON REAL
ESTATE ACTIVITIES PROPOSAL,
FINAL RULE ON ALTERNATIVE TO RATED
DEBT REQUIREMENT, REVISED CAPITAL PROPOSAL
FOR NONFINANCIAL EQUITY INVESTMENTS, AND
GUIDELINES FOR CUSTOMER INFORMATION SECURITY

To State Member Banks, Bank
Holding Companies, U.S. Branches
and Agencies of Foreign Banks,
and Others Concerned,
in the Twelfth Federal Reserve District

Federal Reserve and Treasury Extend Comment Period on Real Estate Activities Proposal (R-1091) PDF-92KB

Please refer to our letter dated January 18, 2001, which describes a request for comment on whether real estate brokerage and real estate management are activities that are financial in nature or incidental to a financial activity and therefore permissible for financial holding companies and financial subsidiaries of national banks.

The comment period has been extended to May 1, 2001.

Federal Reserve and Treasury Announce Final Rule on Alternative to Rated Debt Requirement for Financial Subsidiaries (R-1066) PDF-22KB

The Federal Reserve Board and the Secretary of the Treasury has approved a final rule establishing the alternative criteria that certain large banks may satisfy in order to control a financial subsidiary under the Gramm-Leach-Bliley Act.

Under the act, a national or state member bank ranked among the largest 50 insured banks may control a financial subsidiary only if the bank meets certain criteria, including having an issue of highly rated debt outstanding. The next 50 largest insured banks may control a financial subsidiary if they satisfy this debt rating requirement or if they satisfy an alternative comparable requirement jointly established by the Treasury and the Federal Reserve Board. Under the final rule, a bank meets the alternative requirement if it has a current long-term issuer credit rating from a nationally recognized statistical rating organization that is within the three highest investment-grade categories used by the rating organization.

The final rule was effective March 2, 2001.

Agencies Release Revised Capital Proposal for Nonfinancial Equity Investments (R-1097)

The Federal Reserve Board and the Office of the Comptroller of the Currency has proposed new rules governing the regulatory capital treatment for equity investments in nonfinancial companies held by banks, bank holding companies, and financial holding companies.

The new proposed capital treatment, revised in response to public comment and in consultation with the Treasury Department and other federal banking agencies, represents a significant modification of a proposal made by the Federal Reserve Board in March 2000 (Please see our letter dated March 29, 2000).

The new proposal would apply to banks and their holding companies and would apply to equity investments made under the new merchant banking authority granted by the Gramm-Leach-Bliley Act and to equity investments in nonfinancial companies made under other specifically legal authorities.

The new proposal would generally impose a capital charge that would increase in steps as the banking organization's level of concentration in equity investments increased. An eight percent Tier 1 capital deduction would apply on covered investments that in the aggregate represent up to 15 percent of an organization's Tier 1 capital. A top marginal charge of 25 percent would be set for covered investments that aggregate more than 25 percent of the organization's Tier 1 capital.

Equity investments through small business investment companies would be exempt from these new capital deduction requirements and would continue to be subject to the same capital requirements that presently apply, unless the value of those investments exceeds 15 percent of the bank's Tier 1 capital. Grandfathered investments under section 24(f) of the Federal Deposit Insurance Act would also be exempt under the new proposal.

Under the proposal, the agencies would also heighten their monitoring of banking organizations as the level of concentration in equity investment increases.

Comments are requested by April 16, 2001.

Agencies Adopt Guidelines for Customer Information Security (R-1073) PDF-10KB

The federal bank and thrift regulatory agencies have adopted joint guidelines for safeguarding confidential customer information. The guidelines implement section 501(b) of the Gramm-Leach-Bliley Act (GLBA), and will be effective on July 1, 2001.

The GLBA requires the agencies to establish standards for financial institutions relating to administrative, technical, and physical safeguards for customer records and information. These safeguards are to perform the following functions:

  • Ensure the security and confidentiality of customer records and information

  • Protect against any anticipated threats or hazards to the security or integrity of these records

  • Protect against unauthorized access to or use of these records or information that would result in substantial harm or inconvenience to a customer

The guidelines require financial institutions to establish an information security program to:

  1. Identify and assess the risks that may threaten customer information,

  2. Develop a written plan containing policies and procedures to manage and control these risks

  3. Implement and test the plan,

  4. Adjust the plan on a continuing basis to account for changes in technology, the sensitivity of customer information, and internal or external threats to information security.

Each institution may implement a security program that is appropriate to its size and complexity and the nature and scope of its operations.

The guidelines outline specific security measures that institutions should consider in implementing a security program. A financial institution must adopt those security measures determined to be appropriate.

The guidelines also outline responsibilities of directors of financial institutions in overseeing the protection of customer information. The board of directors should oversee an institution's efforts to develop, implement, and maintain an effective information security program and approve written information security policies and programs.

The guidelines require financial institutions to oversee their service provider arrangements in order to protect the security of customer information maintained or processed by service providers. Each institution must exercise due diligence in selecting its service providers, and require its service providers by contract to implement security measures that safeguard customer information. When indicated by an institution's risk assessment, the institution must also monitor its service providers by reviewing audits, summaries of test results, or other equivalent evaluation of its service providers to confirm that they have satisfied their contractual obligations.

Copies

Copies of the notices summarized in this letter (Dockets R-1066, R-1097, R-1073) are available from our Corporate Services Department. To request copies to be sent by mail, please call (415) 974-2060.

All circulars and documents are available on the Internet through the Board of Governors' web site at http://www.federalreserve.gov.

Additional Information

For additional information, please call the following Banking Supervision and Regulation Department numbers:

Docket R-1091 (415) 974-3007

Docket R-1066 (415) 974-2926

Docket R-1073 (415) 974-2995

Docket R-1097 (415) 974-3177

FEDERAL RESERVE BANK OF SAN FRANCISCO