District Circular Letters
June 13, 2001
BANKING SUPERVISION AND REGULATION:
ADVISORY ON RATE-SENSITIVE DEPOSITS
SAFEGUARDING CUSTOMER INFORMATION
REGULATION Y: TECHNICAL AMENDMENTS
To State Member Banks, Bank
Holding Companies, U.S. Branches
and Agencies of Foreign Banks,
and Others Concerned,
in the Twelfth Federal Reserve District
Joint Agency Advisory on Rate-Sensitive Deposits (SR
01-14 [SUP])
The Federal Reserve, along with the other federal banking agencies, issued
an interagency advisory on brokered and rate-sensitive deposits to highlight
the potential risks associated with excessive reliance on such deposits.
The advisory also gives guidance on prudent risk identification and management
for these types of funding. A copy of the guidance is attached.
The advisory notes that deposits raised through intermediary sources,
such as deposit brokers, the Internet, and other automated service providers,
may be less stable than traditional deposits, in large part because these
depositors may have no other relationship with the institution and may
rapidly shift funds to a different institution or investment in search
of a higher return. In some cases, banking organizations have used these
rate-sensitive funds to support rapid loan and asset growth, raising safety
and soundness concerns.
Banking organizations are expected to implement appropriate risk management
systems to assess and control the risks in these types of funding. Such
systems should include appropriate funds management policies, adequate
due diligence in assessing deposit brokers and financial risks, reasonable
control and limit structures, adequate management information systems,
and contingency funding plans. The advisory points out the need for examiners
to focus an appropriate level of supervisory attention on institutions
with a meaningful reliance on rate-sensitive deposits, and to take appropriate
action, if warranted. The advisory also sets forth a list of potential
red flags that may indicate the need for closer supervisory review.
Standards for Safeguarding Customer Information (SR
01-15 [SUP])
The federal banking agencies jointly issued guidelines establishing standards
for safeguarding customer information ("Guidelines"), which
will become effective July 1, 2001.
The Guidelines implement section 501 of the Gramm-Leach-Bliley Act, which
requires the agencies to establish standards for financial institutions
relating to administrative, technical, and physical safeguards for customer
records and information. The attached Guidelines were issued by the Federal
Reserve as appendices to Regulations H and Y, and apply to customer information
maintained by state member banks, bank holding companies, Edge and agreement
corporations, and uninsured state-licensed branches and agencies of foreign
banks.
The Guidelines require institutions to establish an information security
program to assess and control risks to customer information. Each institution
may implement an information security program appropriate to its size
and complexity and the nature and scope of its operations. The board of
directors should oversee an institution's efforts to develop, implement,
and maintain an effective information security program and approve written
information security policies and programs.
The Guidelines outline specific security measures that banking organizations
should consider in implementing a security program based on the size and
complexity of their operations. Training and testing are also critical
components of an effective information security program. Financial institutions
are specifically required to oversee their service provider arrangements
in order to protect the security of customer information that is maintained
or processed by service providers.
The Federal Reserve recognizes that banking organizations are highly
sensitive to the importance of safeguarding customer information and the
need to maintain effective information security programs. Existing examination
procedures and supervisory processes already address information security.
As a result, most banking organizations should not need to implement new
controls and procedures.
Examiners will assess compliance with the Guidelines during each safety
and soundness examination or examination cycle (which may include targeted
reviews of information technology) subsequent to the July 1, 2001 effective
date of the Guidelines and monitor ongoing compliance as needed during
the risk-focused examination process. Material instances of non-compliance
should be noted in the report of examination. The attached guidance was
developed to assist examiners in documenting a financial institution's
compliance with the Guidelines.
Bank Holding Companies and Change in Bank Control: Technical Amendments
(Dockets R-1078
and R-1094)
The Board of Governors of the Federal Reserve System is adopting technical
amendments to the financial holding company provisions of Regulation Y
to restore provisions that were adopted in December 2000, and inadvertently
deleted from the Code of Federal Regulations. Please review our letter
dated January 18, 2001.
On December 19, 2000, the Board adopted a final rule permitting financial
holding companies to act as a finder. (See the December 22, 2000, edition
of the Federal Register, which added a new paragraph (d) to 12
CFR 225.86.) On December 27, 2000, the Board also adopted, on an interim
basis and jointly with the Secretary of the Treasury, a rule that implemented
the financial activity provisions of section 4(k)(5) of the Bank Holding
Company Act (12 U.S.C. 1843(k)(5)). (See the January 3, 2001, edition
of the Federal Register, which added a new paragraph (e) to 12
CFR 225.86.)
Due to delays in the publication of these rules in the Federal Register
and the effective dates of other rules adopted by the Board in late 2000
and early 2001, paragraphs (d) and (e) of section 225.86 were inadvertently
deleted in the final publication of the Code of Federal Regulations (CFR).
Accordingly, the Board has adopted these technical amendments to ensure
the prior actions taken by the Board are included in the CFR. These amendments
restore in final form 12 CFR 225.86(d) as adopted by the Board on December
19, 2000, and restore in interim form 12 CFR 225.86(e) as adopted by the
Board on December 27, 2000. The Board will review comments received on
the interim provisions of section 225.86(e) (Docket R-1094) in connection
with its adoption of a final rule regarding the provisions of that paragraph.
The Board previously has reviewed the amendments under the Paperwork
Reduction Act (44 U.S.C. 3506; 5 CFR Appendix A.1) and the Regulatory
Flexibility Act (5 U.S.C. 601 et seq.). See December 22, 2000 and January
3, 2001 editions of the Federal Register. In addition, the Board
previously has solicited and considered public comments on section 225.86(d)
of the rule under the Administrative Procedures Act (5 U.S.C. 553) (APA),
and previously has determined under 5 U.S.C. 553(d)(3) of the APA that
there is good cause to make the provisions of section 225.86(e) of the
rule effective immediately and prior to the review of public comments.
All circulars and documents are available on the Internet through the
Federal Reserve Bank of San Francisco's Internet site, at http://www.frbsf.org/banking/letters.
Additional Information
For additional information on the above matters, please contact our Banking
Supervision and Regulation Department, at the following telephone numbers:
|
SR 01-14
|
(415) 974-1225
|
|
SR 01-15
|
(415) 974-2995
|
|
Docket R 1078 and 1094
|
(415) 974-3007
|
FEDERAL RESERVE BANK OF SAN FRANCISCO
Attachments: SR
01-14 [SUP]; SR
01-15 [SUP]; and Dockets R-1078
and R-1094
|
