May 2005 update to the Commercial Bank Examination Manual.
1. Interagency Statement on the Purchase and Risk Management of Life Insurance. A new section discusses this December 7, 2004, statement placing emphasis on the safety and soundness and risk-management implications of purchases and holdings of life insurance by banks. The agencies issued the guidance because they were concerned that some institutions may not have an adequate understanding of the risks associated with bank-owned life insurance (BOLI), including liquidity, operational, reputational, and compliance or legal risks. Further, institutions may have committed a significant amount of capital to BOLI holdings without properly assessing the associated risks. When an institution is planning to acquire BOLI that will result in an aggregate cash surrender value in excess of 25 percent of its tier 1 capital plus the allowance for loan and lease losses, the agencies expect the institution to obtain the approval of its board of directors or its designated board committee. The guidance addresses the need for institutions to conduct a comprehensive pre- and post-purchase analysis of BOLI, including its unique characteristics, risks, and rewards. Institutions are expected to have comprehensive risk-management processes for their BOLI purchases and holdings; these processes should be consistent with safe and sound banking practices. See SR letters 04-4 and 04-19.
2. Interagency Advisory on Accounting for Deferred Compensation Agreements and Bank-Owned Life Insurance. A new section, "Deferred Compensation Agreements" provides guidance from this February 11, 2004, interagency advisory. The advisory was issued because the agencies, through the examination process, had identified many institutions that had incorrectly accounted for the obligations under a type of deferred compensation agreement commonly referred to as a revenue neutral plan or an indexed retirement plan. The advisory informs institutions that they need to review their accounting for deferred compensation agreements to ensure that they have been appropriately measured and reported. Since institutions often purchase life insurance in conjunction with established deferred compensation programs, the advisory also discusses the appropriate accounting treatment for BOLI. The revised "Other Assets and Other Liabilities" section includes the accounting treatment for BOLI. See SR letters 04-04 and 04-19.
3. Interagency Joint Guidance on Overdraft Protection Programs. The sections entitled "Consumer Credit" have been revised to discuss the various types, characteristics, and fee structures of a bank's ad hoc and automated overdraft programs. The sections also include the February 18, 2005, interagency guidance that addresses the agencies' concerns about the potentially misleading implementation, marketing, and disclosure practices associated with the operation of these programs. Financial institutions are encouraged to review their overdraft-protection policies and procedures to make certain that their marketing and communications do not mislead consumers or encourage irresponsible consumer financial behavior that could increase the institution's risk. The guidance also addresses the safety and soundness considerations, risk-based capital treatment, and legal risks associated with overdraft-protection programs.
The sections entitled "Deposit Accounts" have also been revised to discuss this interagency guidance, which was issued to assist banks in the responsible disclosure and administration of their overdraft-protection programs. The guidance states that banks should establish and monitor written policies and procedures for ad hoc and automated, or other overdraft-protection programs. A bank's policies and procedures should be adequate to address the credit, operational, and other risks associated with these types of programs. The examination procedures and internal control questionnaires have been updated to incorporate the guidance. See SR letter 05-3 and CA letter 05-2.
4. Foreign Correspondent Accounts. The "Bank-Related Organizations" section has been revised to incorporate the U.S. Department of the Treasury's regulation regarding foreign correspondent accounts. See 31 CFR 103.177 (amended December 24, 2002) and 103.185. The regulation became effective October 28, 2002, and implemented sections 313 and 319(b) of the USA Patriot Act. A covered financial institution (CFI) is prohibited from establishing, maintaining, administering, or managing a correspondent account in the United States for, or on behalf of, a foreign shell bank (a foreign bank that has no physical presence in the United States or other jurisdictions) that is not affiliated (1) with a U.S.-domiciled financial institution or (2) with a foreign bank that maintains a physical presence in the United States or a foreign country and is supervised by its home-country banking authority. A CFI that maintains a correspondent account for a foreign bank in the United States must maintain records in the United States identifying the owners of the bank. See SR letter 03-17 and the October 2003 Bank Secrecy Act Examination Procedures for Correspondent Accounts for Foreign Shell Banks; Recordkeeping and Termination of Correspondent Accounts for Foreign Banks. See also SR letter 01-29.
5. Interagency Guidelines Establishing Information Security Standards and Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice. The sections entitled, "Information Technology" have been revised to include the Board's December 16, 2004, adoption of rule changes (effective July 1, 2005) that implement section 216 of the Fair and Accurate Credit Transactions Act of 2003, and amend the Interagency Guidelines Establishing Standards for Safeguarding Customer Information. See the Board's December 21, 2004, press release. To address the risks associated with identity theft, financial institutions are required to make modest adjustments to their information security programs to develop, implement, maintain, and monitor, as part of their existing information security program, appropriate measures to properly dispose of consumer and customer information derived from credit reports. Each financial institution must contractually require its service providers to develop appropriate measures for the proper disposal of the institution's consumer and customer information and, when warranted, monitor its service providers to confirm that they have satisfied their contractual obligations.
The sections have also been revised to include the Board's March 21, 2005, adoption of the jointly issued Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice. See the Board's March 23, 2005, press release. Financial institutions are to develop and implement a response program designed to address incidents of unauthorized access to sensitive customer information, maintained by the institution or its service provider, that could result in substantial harm or inconvenience to the customer. Each financial institution has the flexibility to design a risk-based response program tailored to the size, complexity, and nature of its operations. Customer notice is a key feature of an institution's response program. See Regulation H, appendix D-2, supplement A (12 CFR 208, appendix D-2, supplement A). The examination objectives, examination procedures, and the internal control questionnaire have been updated to incorporate or reference the rule changes and the interagency guidance.
6. Interagency Advisory on the Confidentiality of the Supervisory Rating and Other Nonpublic Supervisory Information. The February 28, 2005, advisory reminds banking organizations of the statutory prohibitions on the disclosure of supervisory ratings and other confidential supervisory ratings to third parties. See SR letter 05-4.
7. Customer Identification Programs. The "Private Banking" section has been revised to incorporate new and enhanced statutory requirements of the USA Patriot Act (the act). The requirements are designed to prevent, detect, and prosecute money laundering and terrorist financing. For banking organizations, the act's provisions are implemented through regulations issued by the U.S. Department of the Treasury (31 CFR 103). Section 326 of the USA Patriot Act (codified in the BSA at 31 U.S.C. 5318)(l) requires financial institutions to have customer identification programs, that is, programs to collect and maintain certain records and documentation on customers. Institutions should also develop and use identity verification procedures to ensure the identity of customers. See SR letter 04-13, which describes the BSA examination procedures for customer identification programs; examiners should follow these procedures when evaluating compliance with the regulation. See also SR letters 03-17 and 01-29. Relevant interagency interpretive guidance, in a question-and-answer format, addresses the customer identification rules. See SR letter 05-9.
A more detailed summary of changes is included with the update package. Copies of the new supplement were shipped directly by the publisher to the Reserve Banks for distribution to examiners and other System staff members. The public may obtain the Manual and the updates (including pricing information) from Publications Fulfillment, Mail Stop 127, Board of Governors of the Federal Reserve System, 20th and C Streets, N.W., Washington, DC 20551; telephone (202) 452-3244; or send a facsimile to (202) 728-5886. The Manual is also available on the Board's public web site at www.federalreserve.gov/boarddocs/supmanual/.
|Printer friendly Cite/link Email Feedback|
|Publication:||Federal Reserve Bulletin|
|Date:||Jun 22, 2005|
|Previous Article:||Publication of the International Journal of Central Banking.|
|Next Article:||Agencies release Bank Secrecy Act/Anti-Money Laundering Examination Manual.|