intercompany transactions section 2020 - federal reserveintercompany transactions (transactions...

Intercompany TransactionsSection 2020.0

WHAT’S IN THIS SECTION

This section was revised as of January 2008 toincorporate references to the Federal ReserveBoard’s Regulation W, primarily with regard tothe bank holding company (BHC) inspectionprocess. The section includes also a discussionof the mandatory reporting of certain intercom-pany transactions on the FR Y-8, The BankHolding Company Report of Insured DepositoryInstitutions’ Section 23A Transactions withAffiliates, and its instructions. The mandatoryreport is to be submitted quarterly to the Fed-eral Reserve by (1) all top-tier BHCs, includingfinancial holding companies, and (2) all foreignbanking organizations that directly own a U.S.subsidiary bank. The examiner’s inspectionresponsibilities are discussed.

2020.0.1 ANALYSIS OFINTERCOMPANY TRANSACTIONS

The analysis of intercompany transactionsbetween a parent company, its nonbank sub-sidiaries, and its bank subsidiaries is primarilyintended to assess the nature of the relation-ships between these entities and the effect of therelationships on the subsidiary insured deposi-tory institutions (IDIs). IDIs include any statebank, national bank, trust company, or bankingassociation and any institution that takes depos-its that are insured by the Federal Deposit Insur-ance Corporation, including savings associa-tions. Both the legal and financial ramificationsof such transactions are areas of concern.Certain intercompany transactions are subject tothe provisions of section 23A or 23B (or both)of the Federal Reserve Act and the FederalReserve Board’s Regulation W. Section 23A ofthe Federal Reserve Act is one of the mostimportant statutes on limiting exposures toindividual institutions and protecting the fed-eral safety net. Several types of intercompanytransactions and the primary regulatoryconcerns of each are presented below.

Dividends paid by subsidiaries to the parent.Dividends are a highly visible cash outflow bysubsidiaries. If the dividend payout ratioexceeds the level at which the growth ofretained earnings can keep pace with the growthof assets, the subsidiary’s capital ratios willdeteriorate. These dividends may also have a

negative effect on the subsidiary’s liquidityposition.

Transactions with affiliates. Transactionsbetween subsidiary IDI affiliates is another areaof potential abuse of subsidiary banks. Regula-tory concern centers on the quantitative limitsand collateral restrictions on certain transactionsby subsidiary banks with their affiliates. Theserestrictions are designed to protect subsidiaryIDIs from losses resulting from transactionswith affiliates.

Fees paid by subsidiaries. Management or ser-vice fees are another cash outflow of banksubsidiaries. These fees may be paid to theparent, the nonbank subsidiaries, or, in somecases, to the other bank subsidiaries. Regulatoryconcern focuses on whether such fees are rea-sonable in relation to the services rendered andon the financial impact of the fees on the banksubsidiaries.

Tax allocation. How a bank holding companyorganization determines to allocate taxes amongits component companies involves questions ofboth the magnitude and timing of the cash-floweffects. Unreasonable or untimely tax paymentsor refunds to the bank can have an adverseeffect on the financial condition of the bankingsubsidiaries.

Purchases or swaps of assets. Asset purchasesor swaps between a bank and its affiliates cancreate the potential for abuse of subsidiarybanks. Regulatory concern focuses on the fair-ness of such asset transactions and their finan-cial impact and timing. Fairness and financialconsiderations include the quality and collect-ibility and fair values of such assets and theirliquidity effects. IDIs generally are prohibitedfrom purchasing low-quality assets from affili-ates. Asset exchanges may be a mechanism toavoid regulations designed to protect subsidiarybanks from becoming overburdened with non-earning assets. Improper timing or certain struc-turings of asset transactions also can cause themto be regarded as extensions of credit to affili-ates. As such, these types of transactions couldpotentially violate applicable regulations andstatutes.

BHC Supervision Manual January 2014

Compensating balances. A subsidiary bank maybe required to maintain excess balances at acorrespondent bank that lends to other parts ofthe holding company organization, possibly tothe detriment of the bank. The subsidiary bankmay be foregoing earnings on such excessfunds, which may adversely affect its financialcondition.

Other expense allocations. In general, a subsidi-ary bank should be adequately compensated forits services or for the use of its facilities andpersonnel by other parts of the holding companyorganization. Furthermore, a subsidiary bankshould not pay for expenses for which it doesnot receive a benefit.

2020.0.2 ROLE OF THE EXAMINER

To properly assess intercompany transactionsand relationships between affiliates, the exam-iner must make a thorough analysis of mostintercompany transactions and must have aknowledge of applicable laws, regulations, andrulings. In particular, the examiner should befamiliar with sections 23A and 23B of the Fed-eral Reserve Act and the Board’s Regulation W.The examiner should also be familiar with theFR Y-8, The Bank Holding Company Report ofInsured Depository Institutions’ Section 23ATransactions with Affiliates, and its instructions.

The mandatory report is to be submitted to theFederal Reserve by (1) all top-tier bank holdingcompanies (BHCs), including financial holdingcompanies, and (2) all foreign banking organiza-tions that directly own a U.S. subsidiary bank.The completed quarterly reports are used by theFederal Reserve System to monitor bank expo-sures to affiliates and to ensure banks’ compli-ance with section 23A of the Federal ReserveAct. With regard to the BHC’s inspection, theexaminer should review and verify, since theprevious inspection, the BHC’s accuracy andcomprehensiveness in its reporting based on theFR Y-8 report form and instructions.

If a subsidiary IDI of a holding company isnot a state member bank, the bank’s primaryregulator should determine the bank’s compli-ance with pertinent banking laws. In reviewingthe subsidiary bank’s examination report, anyviolations of laws and regulations applicable tointercompany transactions should be noted. Ifthe violation resulted from the actions of anaffiliate, the affiliate’s role should be identifiedand be subject to criticism in the inspectionreport.

Violations of banking laws discovered duringthe inspection should be brought to manage-ment’s attention and referred to the bank’s pri-mary supervisor. However, any action or criti-cism levied directly on the bank should comefrom the bank’s primary supervisor.

Intercompany Transactions 2020.0

BHC Supervision Manual January 2014

Intercompany Transactions (Transactions Between Member Banks and TheirAffiliates—Sections 23A and 23B of the Federal Reserve Act) Section 2020.1

2020.1.01 WHAT’S NEW IN THISREVISED SECTION

This section has been revised to discuss statu-tory amendments of sections 23A and 23B of theFederal Reserve Act resulting from the Dodd-Frank Act. One amendment involved the defini-tion of an “affiliate,” with regard to an invest-ment fund when an insured depositoryinstitution (IDI) or one of its affiliates is aninvestment adviser. Also, the definition of “cov-ered transactions” was revised to include thecredit exposure resulting for derivative andsecurities lending and borrowing transactionsbetween the IDI and its affiliates. In addition,the Dodd-Frank Act removed the quantitative 10percent exemption limit between financial sub-sidiaries. The retained earnings of a financialsubsidiary are to be included as part of theIDI’s investment. The amendments were effec-tive July 21, 2012. (See sections 608(a)(1)(A),608(a)(1)(B), and 609(a) of the Dodd-FrankAct.)

Revised inspection objectives and inspectionprocedures also are included.

2020.1.05 SECTIONS 23A AND 23BOF THE FEDERAL RESERVE ACT,AND REGULATION W

Section 23A of the Federal Reserve Act (FRA)restricts the ability of insured depository insti-tutions (IDIs)1 to engage in certain coveredtransactions with an affiliate. Transactions thatare subject to section 23A also are subject tothe provisions of section 23B of the FRA.2 Inaddition to these statutory provisions, theBoard issued Regulation W (the rule),3 whichimplements sections 23A and 23B of the FRA.The rule provides several exemptions and com-bines the statutory restrictions on transactions

between a member bank and its affiliates withnumerous previously issued Board inter-pretations.

During a bank holding company inspection,transactions between an IDI and an affiliate (forexample, a bank holding company parent orother nonbank subsidiary) are reviewed forcompliance with sections 23A and 23B andRegulation W, as well as other banking regula-tions and statutes. Any violations of sec-tions 23A and 23B of the FRA or Regulation Winvolving a transaction between an IDI and itsaffiliate that are disclosed or found during aninspection should be brought to management’sattention, may be discussed in the inspectionreport as ‘‘Other Matters,’’ and referred to thebank’s primary supervisor. However, any actionor criticism levied directly on the bank shouldcome from the bank’s primary supervisor. Seealso SR-03-2.

2020.1.1 SECTION 23A OF THEFEDERAL RESERVE ACT

Section 23A of the FRA (12 U.S.C. 371c) is theprimary statute governing transactions betweenan IDI and its affiliates. Section 23A (1) desig-nates the types of companies that are affiliates ofan IDI; (2) specifies the types of transactionscovered by the statute; (3) sets the quantitativelimitations on an IDI’s covered transactionswith any single affiliate, and with all affiliatescombined; (4) sets forth collateral requirementsfor certain transactions with affiliates; and(5) requires all covered transactions to be con-ducted on terms consistent with safe and soundbanking practices.

2020.1.1.1 Definition of an Affiliate

In general, companies that control or are undercommon control with an IDI are defined bysection 23A as ‘‘affiliates’’ of the bank. Thedefinition includes a bank subsidiary of a bankand any company that a bank, or its subsidiariesor affiliates, sponsors and advises on acontractual basis.4 Affiliates, for example, may

1. By their terms, sections 23A and 23B apply to banks

that are members of the Federal Reserve System (‘‘member

banks’’). Other federal laws subject FDIC-insured non-

member banks and FDIC-insured thrifts to sections 23A and

23B in the same manner and to the same extent as if

they were member banks. (See 12 U.S.C. 1828(j) and

12 U.S.C.1468(a)(4)). The statute also states that most subsid-

iaries of a member bank are to be treated as part of the

member bank itself for purposes of sections 23A and 23B.

Because the statute and regulation apply to all insured deposi-

tory institutions, this section will refer to the subject institu-

tions as insured depository institutions (IDIs).

2. Federally insured savings associations also are subject

to sections 23A and 23B as if they were banks.

3. In this section of the manual, Regulation W is referred

to as ‘‘the rule’’ or to a specific numbered section of the rule.

4. The Board has the authority to expand the definition of

affiliate to include a company that has a relationship with the

bank so that covered transactions between the company and

BHC Supervision Manual July 2014Page 1

include banks, financial holding companies,savings and loan holding companies, and theirsubsidiaries. Banks, savings associations, andnonbanking companies that are under commonindividual control or a group of individuals withthe bank also are affiliates for the purposes ofsection 23A. Any investment fund with respectto which a member bank or affiliate thereof is aninvestment adviser. See section 608(a)(1)(A) ofthe Dodd-Frank Act. In addition, any transactionby an IDI with any person is deemed to be atransaction with an affiliate to the extent that theproceeds of the transaction are transferred to, orused for the benefit of, the affiliate. With respectto any IDI within a holding company, its affiliatesinclude, among others, its parent, the parent’ssubsidiaries, and other companies directly orindirectly controlled by the bank’s or holdingcompany’s shareholders. Specifically, Regula-tion W defines5 an affiliate as—

1. any company that controls6 the IDI and anyother company that is controlled by thecompany that controls the IDI;

2. any bank subsidiary of the IDI;3. any company—

— that is controlled directly or indirectly,by a trust or otherwise, by or for thebenefit of shareholders who beneficiallyor otherwise control, directly or indi-rectly, by trust or otherwise, the mem-ber bank or any company that controlsthe IDI; or

— in which a majority of its directors ortrustees constitute a majority of the per-sons holding any such office with theIDI or any company that controls theIDI;

4. any company (including a real estate invest-ment trust) that is sponsored and advised ona contractual basis by the IDI or any subsid-iary or affiliate of the IDI;

5. any investment company, with respect towhich an IDI or any affiliate thereof is aninvestment adviser as defined in sec-tion 2(a)(20) of the Investment CompanyAct of 1940;

6. any investment fund for which the IDI orany affiliate of the IDI serves as an invest-ment adviser, if the IDI and its affiliatesown or control, in the aggregate, more than5 percent of any class of voting securities orof the equity capital of the fund;

7. a depository institution that is a subsidiaryof the IDI;

8. a financial subsidiary of the member bank;

9. any company in which a holding companyof the IDI owns or controls, directly orindirectly, or acting through one or moreother persons, 15 percent or more of theequity capital pursuant to the merchantbanking authority in section 4(k)(4)(H) or(I) of the Bank Holding Company Act(12 U.S.C. 1843(k)(4)(H) or (I));

10. any partnership for which the IDI or anyaffiliate of the IDI serves as a general part-ner or for which the IDI or any affiliate ofthe IDI causes any director, officer, oremployee of the member bank or affiliate toserve as a general partner;

11. any subsidiary of an affiliate described inparagraphs (a)(1) through (10) of sec-tion 223.2 of Regulation W; and

12. any company that the Board, or the appro-priate federal banking agency for the IDI,determines by regulation or order to have arelationship with the IDI or any subsidiaryor affiliate of the member bank, such thatcovered transactions by the member bankor its subsidiary with that company may beaffected by the relationship, to the detri-ment of the IDI or its subsidiary.

The following generally are not considered tobe affiliates of an IDI:

1. a nonbank subsidiary of the IDI (other thana financial subsidiary), unless the Boarddetermines not to exclude such a subsidiary;

2. a company engaged solely in holding theIDI’s premises;

3. a company engaged solely in conducting asafe deposit business;

4. a company engaged solely in holding obli-gations of the United States or its agenciesor obligations fully guaranteed by theUnited States or its agencies as to principaland interest; and

5. a company in which control arises from theexercise of rights arising out of a bona fidedebt previously contracted (for the periodof time specified by section 23A).

the bank may be affected by the relationship to the detriment

of the bank.

5. See 12 C.F.R. 223.2.

6. By statute, ‘‘control’’ is defined as the power to (1) vote

25 percent or more of the voting shares of a company,

excluding situations in which the stock is controlled in a

fiduciary capacity; (2) elect a majority of the directors of a

company; or (3) exercise a controlling influence over a com-

pany. Control is discussed in more detail at 2020.1.3.1.

Transactions Between Member Banks and Their Affiliates—Sections 23A and 23B 2020.1


2020.1.1.2 Definition of Affiliates byType of Entity

2020.1.1.2.1 Investment Funds Advisedby the Member Bank or an Affiliate of theMember Bank

Regulation W includes as an affiliate any com-pany that is sponsored and advised on a contrac-tual basis by the IDI or any of its affiliates aswell as any investment company for which theIDI or its affiliate serves as an investmentadviser, as defined in the Investment CompanyAct of 1940 (the 1940 Act). In Regulation W,the Board used its statutory authority to defineas an affiliate any investment fund—even if notan investment company for purposes of the 1940Act—for which the IDI or an affiliate of the IDIserves as an investment adviser, if the IDI or anaffiliate of the IDI owns or controls more than5 percent of any class of voting securities orsimilar interests of the fund.

Many investment funds that are advised by anIDI (or an affiliate of an IDI) are affiliates of theIDI under section 23A because the funds eitherare investment companies under the 1940 Act orare sponsored by the IDI (or an affiliate of theIDI). The IDI or its affiliate, in some instances,however, may advise but not sponsor an invest-ment fund that is not an investment companyunder the 1940 Act.7 The advisory relationshipof an IDI or affiliate with an investment fundpresents the same potential for conflicts of inter-est regardless of whether the fund is an invest-ment company under the 1940 Act.8 The Dodd-Frank Act treats any investment fund as anaffiliate if the IDI or an affiliate of the IDI servesas an investment adviser to the fund.

2020.1.1.2.2 Financial Subsidiaries

In 1999, the Gramm-Leach-Bliley Act (the GLBAct) authorized banks to own ‘‘financial subsid-iaries’’ that engage in activities not permissiblefor the parent bank to conduct directly, such as

underwriting and dealing in bank-ineligiblesecurities. The GLB Act amended section 23Ato define a financial subsidiary of a bank as anaffiliate of the bank and thus subjected coveredtransactions between the bank and a financialsubsidiary to the limitations of sections 23A and23B.

Section 23A defines a financial subsidiary asa subsidiary of any bank (state or national) thatis engaged in an activity that is not permissiblefor national banks to engage in directly (otherthan a subsidiary that federal law specificallyauthorizes national banks to own or control).Specifically, a ‘‘financial subsidiary’’ is definedas ‘‘any company that is a subsidiary of a bankthat would be a financial subsidiary of a nationalbank under section 5136A of the Revised Stat-utes of the United States.’’9 (See 12 U.S.C.371c(e)(1).) Section 5136A, in turn, defines afinancial subsidiary as any company that is con-trolled by one or more member banks, otherthan (1) a subsidiary that engages solely inactivities that national banks are permitted toengage in directly (and subject to the terms andconditions that apply to national banks) or (2) asubsidiary that national banks are specificallyauthorized to control by the express terms of afederal statute (other than section 5136A of theRevised Statutes), such as an Edge Act corpora-tion or a small business investment company(SBIC).10 (See 12 U.S.C. 24a(g)(3).) Section5136A also prohibits a financial subsidiary of anational bank from engaging in insurance under-writing, real estate investment and development,or merchant banking activities.11 (See 12 U.S.C.24a(a)(2).)

The Dodd-Frank Act amended section 23A asit relates to financial subsidiaries of a bank.First, the 10 percent quantitative limit of sec-tion 23A between a bank and any individualaffiliate applies to covered transactions betweena bank and a financial subsidiary of the bank. Inaddition, for purposes of section 23A, theamount of a bank’s investment in its financialsubsidiary includes the retained earnings of thefinancial subsidiary. See section 609(a) of theDodd-Frank Act.

Section 23A generally applies only to transac-tions between (1) a bank and an affiliate of thebank and (2) a bank and a third party in whichsome benefit of the transactions accrues to an

7. 12 U.S.C. 371c(b)(1)(E).

8. An investment fund typically escapes from the defini-

tion of investment company under the 1940 Act because it

(1) sells interests only to a limited number of investors or only

to sophisticated investors or (2) invests primarily in financial

instruments that are not securities. An IDI may face greater

risk from the conflicts of interest arising from its relationships

with an investment fund that is not registered than an invest-

ment company under the 1940 Act because the 1940 Act

restricts transactions between a registered investment com-

pany and entities affiliated with the company’s investment

adviser. (See 15 U.S.C. 80a-17).

9. 12 U.S.C. 24a(g)(3).

10. 12 U.S.C. 24a(a)(2).

11. 12 U.S.C. 371c(e)(1).



affiliate of the bank. The statute generally doesnot apply to transactions between two affiliates.Section 23A establishes two special anti-evasionprovisions, however, that govern transactionsbetween a financial subsidiary of a bank andanother affiliate of the bank. First, the FRAprovides that any purchase of, or investment in,the securities of a bank’s financial subsidiary byan affiliate of the bank will be deemed to be apurchase of, or investment in, such securities bythe bank itself. Second, the GLB Act authorizesthe Board to deem a loan or other extension ofcredit made by a bank’s affiliate to any financialsubsidiary of the bank to be an extension ofcredit by the bank to the financial subsidiary, ifthe Board determines that such action is neces-sary or appropriate to prevent evasion.

2020.1.1.2.2.1 Regulation W Provisions forFinancial Subsidiaries

Regulation W (1) defines a financial subsidiaryof a bank, (2) exempts certain companies fromthe definition, and (3) sets forth special valua-tion and other rules for financial subsidiaries.(See sections 223.2(a)(8), 223.3(p), and 223.32of the rule.) Regulation W also includes severalspecial rules that apply to transactions withfinancial subsidiaries.

Applicability of the 10 percent quantitativelimit to transactions with a financial subsidiary.The 10 percent quantitative limit in section 23Aapplies with respect to covered transactionsbetween a member bank and any individualfinancial subsidiary of the bank.12

Valuation of investments in securities issuedby a financial subsidiary. Because financial sub-sidiaries of a member bank are considered affili-ates of the bank for purposes of section 23A, amember bank’s purchases of, and investmentsin, the securities of its financial subsidiary arecovered transactions under the statute.13 TheDodd-Frank Act provides that a member bank’sinvestment in its own financial subsidiary, forpurposes of section 23A, shall include the

retained earnings of the financial subsidiary.14

In light of this statutory provision, sec-tion 223.32(b) of the rule contains a specialvaluation provision for investments by a mem-ber bank in the securities of its own financialsubsidiary.15 Such investments must be valuedat the greater of (1) the price paid by the mem-ber bank for the securities or (2) the carryingvalue of the securities on the financial state-ments of the member bank (determined in accor-dance with generally accepted accounting prin-ciples (GAAP) but without reflecting the bank’spro rata share of any earnings retained, or lossesincurred by, the financial subsidiary after thebank’s acquisition of the securities).16

This valuation rule differs from the generalvaluation rule for investments in securitiesissued by an affiliate in that the financial subsid-iary rule permits, consistent with the GLB Act,that the carrying value of the investment becomputed without consideration of the retainedearnings or losses of the financial subsidiarysince the time of the member bank’s investment.As a result of this rule, the covered transactionamount for a member bank’s investment insecurities issued by its financial subsidiary gen-erally would not increase after the investmentwas made except if the member bank made anadditional capital contribution to the subsidiaryor purchased additional securities of thesubsidiary.

The following examples were designed toassist banks in valuing investments in securitiesissued by a financial subsidiary of the bank.Each example involves a securities underwriterthat becomes a financial subsidiary of the bankafter the transactions described below.

1. Initial valuation.a. Direct acquisition by a bank. A bank pays

$500 to acquire 100 percent of the sharesof a securities underwriter. The initial car-rying value of the shares on the memberbank’s parent-only GAAP financial state-ments is $500. The member bank initially

12. A member bank’s aggregate amount of covered trans-

actions with any individual financial subsidiary of the bank

may not exceed 10 percent of the bank’s capital and surplus.

13. See section 609(a) of the Dodd-Frank Act. The Dodd-

Frank Act eliminated the 10 percent quantitative limit exemp-

tion for certain covered transactions with financial subsidi-

aries and individual affiliates.

14. See section 609(a) of the Dodd-Frank Act.

15. The rule’s special valuation formula for investments by

a member bank in its own financial subsidiary does not apply

to investments by a member bank in a financial subsidiary of

an affiliated depository institution. Such investments must be

valued using the general valuation formula set forth in sec-

tion 223.23 for investments in securities issued by an affiliate

and, further, may trigger the anti-evasion rule contained in

section 223.32(c)(1) of the rule.

16. The rule also makes clear that if a financial subsidiary

is consolidated with its parent bank under GAAP, the subsidi-

ary under the carrying value of the bank’s investment in the

financial subsidiary shall be determined based on parent-only

financial statements of the bank.



must value the investment at $500.b. Contribution of a financial subsidiary to a

member bank. The parent holding com-pany of a bank acquires 100 percent ofthe shares of a securities underwriter in atransaction valued at $500 and immedi-ately contributes the shares to the memberbank. The bank gives no consideration inexchange for the shares. The bank ini-tially must value the investment at thecarrying value of the shares on the bank’sparent-only GAAP financial statements.Under GAAP, the bank’s initial carryingvalue of the shares would be $500.

2. Carrying value not adjusted for earnings andlosses of the financial subsidiary. A bank andits parent holding company engage in a trans-action whereby the member bank acquires100 percent of the shares of a securitiesunderwriter in a transaction valued at $500.The bank initially values the investment at$500. In the following year, the securitiesunderwriter earns $25 in profit, which isadded to its retained earnings. The bank’sinvestment of the shares of the underwriter isnot adjusted for purposes of section 23A andRegulation W, and the bank’s investmentcontinues to be valued at $500. If, however,the member bank contributes $100 of addi-tional capital to the securities underwriter,the bank must value the aggregate invest-ment at $600.

Anti-evasion rules as they pertain to financialsubsidiaries. Section 23A generally applies onlyto transactions between a bank and an affiliateof the bank and transactions between a memberbank and a third party when some benefit of thetransaction accrues to an affiliate of the bank.The statute generally does not apply to transac-tions between two affiliates. The GLB Act estab-lishes two special anti-evasion rules, however,that govern transactions between a financial sub-sidiary of a member bank and another affiliateof the bank.17 First, the GLB Act provides thatany purchase of, or investment in, securitiesissued by a member bank’s financial subsidiaryby an affiliate of the bank will be deemed to be apurchase of, or investment in, such securities bythe bank itself. Second, the GLB Act authorizesthe Board to deem an extension of credit madeby a member bank’s affiliate to any financialsubsidiary of the bank to be an extension ofcredit by the bank to the financial subsidiary, ifthe Board determines that such action is neces-sary or appropriate to prevent evasions of the

FRA or the GLB Act. Section 223.32(c) of therule incorporates both of these provisions.

The Board exercised its authority under thesecond anti-evasion rule by stating that anextension of credit to a financial subsidiary of abank by an affiliate of the bank would be treatedas an extension of credit by the bank itself to thefinancial subsidiary if the extension of credit istreated as regulatory capital of the financial sub-sidiary. An example of the kind of credit exten-sion covered by this provision would be a subor-dinated loan to a financial subsidiary that is asecurities broker-dealer in which the loan istreated as capital of the subsidiary under theSEC’s net capital rules. Treating such an exten-sion of credit as a covered transaction is appro-priate because the extension of credit by theaffiliate has a similar effect on the subsidiary’sregulatory capital as an equity investment by theaffiliate, which is treated as a covered transac-tion by the terms of the GLB Act (as describedabove). The rule generally does not prevent aBHC or other affiliate of a member bank fromproviding financial support to a financial subsid-iary of the bank in the form of a senior orsecured loan.

2020.1.1.2.3 Partnerships

IDIs fund legitimate commercial transactionsthrough partnerships. Partnerships for which anIDI or an affiliate(s) serves as a general partnerare affiliates. Regulation W also defines an affili-ate of an IDI as any partnership, if the IDI or anaffiliate of the IDI causes any director, officer, oremployee of the IDI or affiliate to serve as ageneral partner of the partnership (unless thepartnership is an operating subsidiary of thebank.) Also, if a company, such as a bank hold-ing company, controls more than 25 percent ofthe equity through a partnership, that companyis an affiliate under Regulation W.

2020.1.1.2.4 Subsidiaries of Affiliates

Regulation W deems a subsidiary of an affiliateas an affiliate of the IDI.

17. GLB Act section 121(b)(1), or 12 U.S.C. 371c(e)(3).



2020.1.1.2.5 Companies Designated bythe Appropriate Federal Banking Agency

Under section 223.2(a)(12), the Board or theappropriate federal banking agency for the rel-evant IDI (under authority delegated by theBoard) can determine that any company that hasa relationship with an IDI or an affiliate of theIDI, such that covered transactions by the IDIwith that company may be affected by the rela-tionship to the detriment of the IDI, is an affili-ate of the IDI. The Board and the federal bank-ing agencies can thus protect IDIs in theirtransactions with associated companies. An IDImay petition the Board to review any such affili-ate determination made by the institution’sappropriate federal banking agency under thegeneral procedures established by the Board forreview of actions taken under delegatedauthority.18

2020.1.1.2.6 Merchant Banking

The GLB Act also amended the Bank HoldingCompany Act (BHC Act) to permit BHCs andforeign banks that qualify as financial holdingcompanies (FHCs) to engage in merchant bank-ing and insurance company investment activi-ties.19 If an FHC owns or controls more than25 percent of a class of voting shares of acompany under the merchant banking or insur-ance company investment authority, the com-pany is an affiliate of any member bank con-trolled by the FHC by operation of the statutorydefinitions contained in section 23A. The GLBAct also added paragraph (b)(11) to sec-tion 23A, which creates a rebuttable presump-tion that a company (‘‘portfolio companies’’) isan affiliate of a member bank, for purposes ofsection 23A, if the bank is affiliated with anFHC and the FHC owns or controls 15 percentor more of the equity capital of the other com-pany pursuant to the FHC’s merchant bankingor insurance company investment authority20

(section 4(k)(4)(H) or (I) of the BHC Act). (See12 U.S.C. 371c(b)(11).)

The rule also provides three specific regula-tory safe harbors from the 15 percent presump-tion. These safe harbors apply in situationswhere the holding company owns or controlsmore than 15 percent of the total equity of thecompany under the merchant banking or insur-ance company investment authority (therebytriggering the statutory presumption) and lessthan 25 percent of any class of voting securitiesof the company (thereby not meeting the statu-tory definition of control). The three situationsare substantially identical to those listed in theBoard’s merchant banking regulation.21

The first exemption applies where no director,officer, or employee of the holding companyserves as a director (or individual exercisingsimilar functions) of the company. The secondexemption applies where an independent thirdparty controls a greater percentage of the equitycapital of the company than is controlled by theholding company, and no more than one officeror employee of the holding company serves as adirector (or individual exercising similar func-tions) of the company. The third exemptionapplies where an independent third party con-trols more than 50 percent of the voting sharesof the company, and officers and employees ofthe holding company do not constitute a major-ity of the directors (or individuals exercisingsimilar functions) of the company.22

These safe harbors do not require Boardreview or approval of the exclusion from affili-ate status. Moreover, the safe harbors are notintended to be a complete list of circumstancesin which the 15 percent presumption may berebutted. The rule also provides, consistent withthe GLB Act, that a holding company may rebutthe presumption with respect to a portfolio com-pany by presenting information to the Boardthat demonstrates, to the Board’s satisfaction,that the holding company does not control theportfolio company. The Board notes that a com-pany that qualifies as an affiliate under the15 percent presumption and under another prongof the regulation’s definition of affiliate cannotavoid affiliate status through a rebuttal of the15 percent presumption (either by qualifying for

18. See 12 C.F.R. 265.3.

19. GLB Act, section 103(a); 12 U.S.C. 1843(k)(4)(H) and

(I).

20. GLB Act, section 121(b)(2). As noted above, this

rebuttable presumption applies only if the affiliated FHC

owns or controls 15 percent or more of the company’s equity

capital under the merchant banking or insurance company

investment authorities. The Board noted, however, that under

existing Board precedents, a BHC may not own any shares of

a company in reliance on section 4(c)(6) or 4(c)(7) of the

BHC Act where the holding company owns or controls, in the

aggregate under a combination of authorities, more than 5 per-

cent of any class of voting securities of the company.

21. See 12 C.F.R. 225.176(b)(2) and (3).

22. For purposes of these safe harbors, the rule provides

that the term ‘‘holding company’’ includes any subsidiary of

the holding company, including any subsidiary bank of the

holding company. Accordingly, if a director of a subsidiary

bank or nonbank subsidiary of an FHC also serves as a

director of a portfolio company, the first safe harbor, for

example, would be unavailable.



one of the three regulatory safe harbors or byobtaining an ad hoc rebuttal of the presumptionfrom the Board).

An FHC generally is considered to own orcontrol only those shares or other ownershipinterests that are owned or controlled by itself orby a subsidiary of the holding company. Therule clarifies that, for purposes of applying thepresumption of affiliation described above, anFHC that has an investment in a private equityfund (as defined in the Board’s merchant bank-ing rule) will not be considered indirectly toown the equity capital of a company in whichthe fund has invested unless the FHC controlsthe private equity fund (as described in theBoard’s merchant banking rule).

2020.1.1.2.7 Companies that are notAffiliates

Under the terms of section 23A, subsidiaries ofan IDI generally are not treated as affiliates ofthe member bank.23 The statute contains twospecific exceptions to this general rule: finan-cial subsidiaries of an IDI and IDI subsidiariesof an IDI are treated as affiliates of the parentIDI. The statute provides that the Board maydetermine that other subsidiaries of an IDIshould be treated as affiliates in appropriatecircumstances.24

Under section 223.2(b)(1)(iii) of the rule, cer-tain joint venture subsidiary companies of anIDI are treated as affiliates. A subsidiary of anIDI is treated as an affiliate if one or moreaffiliates of the IDI, or one or more controllingshareholders of the IDI, directly control the jointventure. For example, if an IDI controls 30 per-cent of company A and an affiliate controls70 percent of Company A, then Company A isan affiliate. This provision also covers situationsin which a controlling natural-person share-holder or group of controlling natural-personshareholders of the IDI (who, as natural per-sons, are not themselves section 23A affiliatesof the IDI) exercise direct control over the jointventure company. The rule’s treatment of cer-tain IDI-affiliate joint ventures as affiliates doesnot apply to joint ventures between an IDI and

any affiliated IDIs. For example, if two affiliatedIDIs each own 50 percent of the voting commonstock of a company, the company would con-tinue to qualify as a subsidiary and not an affili-ate of each IDI (despite the fact that an affiliateof each IDI owned more than 25 percent of aclass of voting securities of the company). TheBoard has retained its authority to treat suchjoint ventures as affiliates under section 23A ona case-by-case basis.

2020.1.1.2.8 Employee Benefit Plans

Regulation W clarifies, under section223.2(b)(1)(iv), that an employee stock optionplan (ESOP), of an IDI or an affiliate of the IDIcannot itself avoid classification as an affiliateof the member bank by also qualifying as asubsidiary of the member bank. Many, but notall, ESOPs, trusts, or similar entities that exist tobenefit shareholders, members, officers, direc-tors, or employees of an IDI or its affiliates aretreated as affiliates of the IDI for purposes ofsections 23A and 23B. The ESOP’s share own-ership or the interlocking management betweenthe ESOP and its associated IDI (or BHC), inmany cases, exceeds the statutory thresholds fordetermining that a company is an affiliate. Forexample, if an ESOP controls more than 25 per-cent of the voting shares of the member bank orbank holding company, the ESOP is an affiliate.

The relationship between an IDI and its (orits) affiliate’s ESOP generally warrants cover-age by sections 23A and 23B. IDIs have madeunsecured loans to their ESOPs or their affili-ates’ ESOP or have guaranteed loans to suchESOPs that were made by a third party. TheseESOPs, however, generally have no means torepay the loans other than with funds providedby the IDI. In addition, even if the ESOP’sownership control does not warrant treatment asan affiliate, the issuance of holding companyshares to an ESOP that is funded by a loan fromthe holding company’s subsidiary IDI could beused as a vehicle by the IDI to provide funds toits parent holding company when the IDI isunable to pay dividends or is otherwiserestricted in providing funds to its holding com-pany. The attribution rule (12 C.F.R. 223.16)subjects such transactions to the restrictions ofsections 23A and 23B.

23. See 12 U.S.C. 371c(b)(1)(A) and (b)(2)(A). Section

23A defines a subsidiary of a specified company as a com-

pany that is controlled by the specified company. Under the

statute, a company controls another company if the first

company owns or controls 25 percent or more of a class of

voting securities of the other company, controls the election of

a majority of the directors of the other company, or exercises

a controlling influence over the policies of the other company

(12 U.S.C. 371c(b)(3) and (4)).

24. 12 U.S.C. 371c(b)(2)(A).



2020.1.2 QUANTITATIVE LIMITS

Section 23A(a)(1)(A) states that an IDI mayengage in a covered transaction with an affiliateonly if in the case of any affiliate

1. the IDI limits the aggregate amount of cov-ered transactions to that particular affiliate tonot more than 10 percent of the IDI’s capitalstock and surplus and

2. the IDI limits the aggregate amount of allcovered transactions with all of its affiliatesto 20 percent of the IDI’s capital stock andsurplus.

The rule’s interpretation of the 10 percent limitis consistent with the statutory language.25 AnIDI that has crossed the 10 percent thresholdwith one affiliate may still conduct additionalcovered transactions with other affiliates, iftransactions with all affiliates would not exceed20 percent of the IDI’s capital stock and surplus.An IDI is prohibited from engaging in a newcovered transaction with that affiliate if the IDI’stransactions would exceed the 10 percent thresh-old with that affiliate or if the level of coveredtransactions with all its affiliates exceeded the20 percent threshold. The rule generally doesnot require an IDI to unwind existing coveredtransactions if the member bank exceeds the10 percent or 20 percent limit because its capitaldeclined or a preexisting covered transactionincreased in value.

The Board strongly encourages IDIs withcovered transactions in excess of the 10 percentthreshold with any affiliate to reduce those trans-actions before expanding the scope or extent ofthe member bank’s relationships with otheraffiliates.

2020.1.3 CAPITAL STOCK ANDSURPLUS

Under section 23A, the quantitative limits oncovered transactions are based on the ‘‘capitalstock and surplus’’ of the IDI. An IDI’s capitalstock and surplus for purposes of section 23A ofthe FRA is—

1. the sum of tier 1 and tier 2 capital included inan institution’s risk-based capital under the

capital guidelines of the appropriate federalbanking agency, based on the institution’smost recent consolidated FFIEC Reports ofCondition and Income (Call Report) filedunder 12 U.S.C. 1817(a)(3);

2. the balance of an institution’s allowance forloan and lease losses not included in its tier 2capital for purposes of the calculation ofrisk-based capital by the appropriate federalbanking agency (based on the institution’smost recent consolidated Call Report of Con-dition and Income that is filed under12 U.S.C. 1817(a)(3)); and

3. the amount of any investment in a financialsubsidiary that counts as a covered transac-tion that is required to be deducted from theIDI’s regulatory capital.26

Examiners can determine the amount of thequantitative limits.27

2020.1.3.1 Determination of Control

The definition of ‘‘control’’ is similar to thedefinition used in the BHC Act. Under the rule,a company or shareholder shall be deemed tohave control over another company if—

• such company or shareholder, directly or indi-rectly, or acting through one or more otherpersons, owns, controls, or has power to vote25 percent or more of any class of votingsecurities of the other company;

• such company or shareholder controls in anymanner the election of a majority of the direc-tors or trustees (or general partners or indi-viduals exercising similar functions), of theother company; or

• the Board determines, after notice and oppor-tunity for hearing, that such company orshareholder, directly or indirectly, exercises acontrolling influence over the management orpolicies of the other company.28

In addition, three additional presumptions ofcontrol are provided under the rule. First, acompany will be deemed to control securities,assets, or other ownership interests controlledby any subsidiary of the company.29 Second, acompany that controls instruments (includingoptions and warrants) that are convertible orexercisable, at the option of the holder or owner,

25. Sections 223.11 and 223.12 of the rule set forth these

quantitative limits.26. See section 223.3(d) of the rule (12 C.F.R. 223.3(d)).

27. Examiners should refer to the IDI’s most recent Call

Report.

28. See section 223.3(g) of the rule (12 C.F.R. 223.3(g)).

29. See 12 C.F.R. 225.2(e)(2)(i).



into securities, will be deemed to control thesecurities.30 Third, a rebuttable presumptionprovides that a company or shareholder thatowns or controls 25 percent or more of theequity capital of another company controls theother company, unless the company or share-holder demonstrates otherwise to the Boardbased on the facts and circumstances of theparticular case.31 Such a presumption of controlis particularly appropriate in the section 23Acontext because a BHC may have incentives todivert the resources of a subsidiary IDI to anycompany in which the holding company has asubstantial financial interest, regardless ofwhether the holding company owns any votingsecurities of the company.

Section 23A and the rule provide that nocompany shall be deemed to own or controlanother company by virtue of its ownership orcontrol of shares in a fiduciary capacity except(1) when a company that is controlled, directlyor indirectly, by a trust for the benefit of share-holders who beneficially or otherwise control,directly or indirectly, a member bank, or (2) ifthe company owning or controlling such sharesis a business trust.

2020.1.4 COVERED TRANSACTIONS

The restrictions of section 23A do not apply toevery transaction between an IDI and its affili-ates; section 23A only applies to seven ‘‘cov-ered transactions’’ between an IDI and its affili-ates.32

A covered transaction under section 23A ofthe FRA means—

1. a loan or extension of credit by an IDI to anaffiliate;

2. a purchase of, or an investment in, the securi-ties issued by an affiliate of an IDI includinga purchase of assets subject to an agreementto repurchase;33

3. an IDI’s purchase of assets from an affiliate,except for purchases of real and personal

property as may be specifically exempted bythe Board by order or regulation;

4. the acceptance by an IDI of securities orother debt obligations issued by an affiliateas collateral security for a loan or extensionof credit by the member bank to any personor company;34

5. the issuance by an IDI of a guarantee, accep-tance, or letter of credit, including anendorsement or standby letter of credit, onbehalf of an affiliate.

6. a transaction with an affiliate that involvesthe borrowing or lending of securities, to theextent that the transaction causes an IDI or asubsidiary to have credit exposure to theaffiliate; or

7. a derivative transaction, as defined in 12U.S.C. 84(b), with an affiliate, to the extentthat the transaction causes an IDI or a subsid-iary to have credit exposure to the affiliate.

If a transaction between an IDI and an affiliate isnot within one of the above categories, it is not acovered transaction for the purposes of sec-tion 23A and is not subject to its limitations. Allcovered transactions must be made on terms andconditions that are consistent with safe andsound banking practices.35

Among the transactions that generally are notsubject to section 23A are dividends paid by anIDI to its holding company, sales of assets by anIDI to an affiliate for cash, an affiliate’s pur-chase of securities issued by an IDI, and manyservice contracts between an IDI and an affili-ate.36 Certain classes of transactions between amember bank and an affiliate are discussedbelow as to whether they are covered transac-tions for purposes of section 23A. (See sec-tion 223.3(h).)

2020.1.4.1 Attribution Rule

The ‘‘attribution rule,’’ found in section 223.16,prevents an IDI from evading its restrictions of

30. See 12 C.F.R. 225.31(d)(1)(i). The rule refers more

generically to convertible ‘‘instruments.’’ It clarifies that the

convertibility presumption applies regardless of whether the

right to convert resides in a financial instrument that techni-

cally qualifies as a ‘‘security’’ under section 23A or the

federal securities laws.

31. See, for example, 12 C.F.R. 225.143 (Board Policy

Statement on Equity Investments in Banks and Bank Holding

Companies).

32. 12 U.S.C. 371c(b)(7).

33. The investment by an IDI or its affiliate in a financial

subsidiary of the bank excludes the retained earnings of the

financial subsidiary.

34. The acceptance of an affiliate’s securities for a loan

when proceeds are transferred to, or used for the benefit of, an

affiliate is prohibited. (See section 223.3(h)(2).)

35. Board staff has taken the position that safety and

soundness requires that the transaction be conducted on mar-

ket terms.

36. A transaction when an IDI receives assets from an

affiliate and the IDI pays a dividend or returns capital to an

affiliate may result in a purchase of assets for the purposes of

section 23A. Although these transactions are not subject to

section 23A, they may be subject to section 23B or other laws.



section 23A by using intermediaries, and it lim-its the exposure that an IDI has to customers ofaffiliates of the IDI. Section 223.16 providesthat any covered transaction by an IDI or itssubsidiary with any person is deemed to be atransaction with an affiliate of the IDI if any ofthe proceeds of the transaction are used for thebenefit of, or are transferred to, the affiliate. Forexample, an IDI’s loan to a customer for thepurpose of purchasing securities from the inven-tory of a broker-dealer affiliate of the memberbank would be a covered transaction under sec-tion 23A.

2020.1.4.2 Credit Transactions with anAffiliate

2020.1.4.2.1 Extension of Credit to anAffiliate or Other Credit Transaction withan Affiliate

Section 23A includes a ‘‘loan or extension ofcredit’’ to an affiliate as a covered transaction,but does not define these terms. Section 223.3(o)of the rule defines ‘‘extension of credit’’ to anaffiliate to mean the making or renewal of a loanto an affiliate, the granting of a line of credit toan affiliate, or the extending of credit to anaffiliate in any manner whatsoever, including onan intraday basis. Transactions that are definedas extensions of credit include but are not lim-ited to the following:

1. an advance to an affiliate by means of anoverdraft, cash item, or otherwise;

2. a sale of federal funds to an affiliate;3. a lease that is the functional equivalent of an

extension of credit to an affiliate;37

4. an acquisition by purchase, discount,exchange, or otherwise of a note or otherobligation, including commercial paper orother debt securities, of an affiliate;

5. any increase in the amount of, extension ofthe maturity of, or adjustment to the interest-rate term or other material term of, an exten-sion of credit to an affiliate;38 and

6. any other similar transaction as a result ofwhich an affiliate becomes obligated to paymoney (or its equivalent) to an IDI.39

An IDI’s purchase of a debt security issuedby an affiliate is an extension of credit by theIDI to the affiliate for purposes of section 23Aunder the rule. An IDI that buys debt securitiesissued by an affiliate has made an extension ofcredit to an affiliate under section 23A and mustcollateralize the transaction in accordance withthe collateral requirements of section 23A. Anexemption from the collateral requirements isprovided for situations in which an IDI pur-chases an affiliate’s debt securities from a thirdparty in a bona fide secondary-markettransaction.

2020.1.4.2.2 Valuation of CreditTransactions with an Affiliate

A credit transaction between an IDI and anaffiliate initially must be valued at the amount offunds provided by the IDI to, or on behalf of,the affiliate plus any additional amount that theIDI could be required to provide to, or on behalfof, the affiliate. The section 23A value of acredit transaction between an IDI and an affili-ate is the greater of (1) the principal amount ofthe credit transaction; (2) the amount owed bythe affiliate to the member bank under the credittransaction; or (3) the sum of (a) the amountprovided to, or on behalf of, the affiliate in thetransaction and (b) any additional amount thatthe member bank could be required to provideto, or on behalf of, the affiliate under the termsof the member transaction. (See 223.21)

The first prong of the rule’s valuation formulafor credit transactions (‘‘the principal amount ofthe credit transaction’’) would likely determinethe valuation of a transaction in which an IDIpurchased a zero-coupon note issued by anaffiliate. An IDI should value such an extensionof credit at the principal, or face amount of thenote (that is, at the amount that the affiliateultimately must pay to the IDI) rather than at theamount of funds initially advanced by the IDI.For example, assume an IDI purchased from an

37. The Board would consider a full-payout, net lease

permissible for a national bank under 12 U.S.C. 24 (seventh)

and 12 C.F.R. 23 to be the functional equivalent of an exten-

sion of credit.

38. A floating-rate loan does not become a new covered

transaction whenever there is a change in the relevant index

(for example, LIBOR or the member bank’s prime rate) from

which the loan’s interest rate is calculated. If the member

bank and the borrower, however, amend the loan agreement to

change the interest-rate term from ‘‘LIBOR plus 100 basis

points’’ to ‘‘LIBOR plus 150 basis points,’’ the parties have

engaged in a new covered transaction.

39. The definition of extension of credit would cover,

among other things, situations in which an affiliate fails to pay

on a timely basis for services rendered to the affiliate by the

IDI or the affiliate fails to pay a tax refund to the IDI.



affiliate for $50 a 10-year zero-coupon noteissued by the affiliate with a face amount of$100. The rule’s valuation formula requires theIDI to value this transaction at $100.

The second prong of the rule’s valuation for-mula for credit transactions (‘‘the amount owedby the affiliate’’) likely would determine thevaluation of a transaction in which an affiliatefails to pay an IDI when due a fee for servicesrendered by the IDI to the affiliate. This prongof the valuation formula does not include(within section 23A’s quantitative limits) itemssuch as accrued interest not yet due on an IDI’sloan to an affiliate.

IDIs will be able to determine the section 23Avalue for most credit transactions under the thirdprong of the rule’s valuation formula. Underthis prong, for example, a $100 term loan is a$100 covered transaction, a $300 revolvingcredit facility is a $300 covered transaction(regardless of how much of the facility theaffiliate has drawn down), and a guarantee back-stopping a $500 debt issuance of the affiliate is a$500 covered transaction.

Under section 23A and the rule, a memberbank has made an extension of credit to anaffiliate if the IDI purchases from a third party aloan previously made to an affiliate of the IDI.A different valuation formula is provided forthese indirect credit transactions: The IDI mustvalue the transaction at the price paid by the IDIfor the loan plus any additional amount that theIDI could be required to provide to, or on behalfof, the affiliate under the terms of the creditagreement.

For example, if an IDI pays a third party $90for a $100 term loan that the third party previ-ously made to an affiliate of the IDI (because,for example, the loan was at a fixed rate and hasdeclined in value because of a rise in the generallevel of interest rates), the covered-transactionamount is $90 rather than $100. The lowercovered-transaction amount reflects the fact thatthe IDI’s maximum loss on the transaction is$90 rather than the original principal amount ofthe loan. For another example, if an IDI pays athird party $70 for a $100 line of credit to anaffiliate, of which $70 had been drawn down bythe affiliate, the covered-transaction amountwould be $100 (the $70 purchase price paid bythe IDI for the credit plus the remaining $30 thatthe IDI could be required to lend under thecredit line).

In another example, an IDI makes a term loanto an affiliate that has a principal amount of$100. The affiliate pays $2 in up-front fees tothe member bank, and the affiliate receives netloan proceeds of $98. The IDI must initially

value the covered transaction at $100.Although the rule considers an IDI’s purchase

of, or investment in, a debt security issued by anaffiliate as an extension of credit to an affiliate,these transactions are not valued like otherextensions of credit. See section 223.23 for thevaluation rules for purchases of, and invest-ments in, the debt securities of an affiliate.

2020.1.4.2.3 Timing of a CreditTransaction with an Affiliate

An IDI has entered into a credit transaction withan affiliate at the time during the day that theIDI becomes legally obligated to make theextension of credit to, or issue the guarantee,acceptance, or letter of credit on behalf of, theaffiliate. A covered transaction occurs at themoment that the IDI executes a legally valid,binding, and enforceable credit agreement orguarantee and does not occur only when an IDIfunds a credit facility or makes payment on aguarantee. Consistent with section 23A, the ruleonly requires an IDI to compute compliancewith its quantitative limits when the IDI is aboutto engage in a new covered transaction. The ruledoes not require an IDI to compute compliancewith the rule’s quantitative limits on a continu-ous basis. See section 223.21(b)(1) of the rule.

The burden of the timing rule is mitigatedsignificantly by the exemption for intradayextensions of credit found in section 223.42(l).The intraday credit exemption generally appliesonly to extensions of credit that an IDI expectsto be repaid, sold, or terminated by the end of itsU.S. business day. The IDI must have policiesand procedures to manage and minimize thecredit exposure. Any such extension of creditthat is outstanding at the end of the IDI’s busi-ness day must be treated as an extension ofcredit and must meet the regulatory quantitativeand collateral requirements.

2020.1.4.2.4 Leases

Lease transactions that constitute the functionalequivalent of a loan or an extension of credit maybe subject to section 23A. Such leasearrangements, in effect, are equivalent to a loanby the IDI and are essentially financingarrangements. Some of the characteristics thatwould normally cause a lease to be construed asa loan equivalent include the lessee’s having



responsibility for the servicing, maintenance,insurance, licensing, or risk of loss or damage,and the lessee’s having the option to purchase theequipment.

2020.1.4.2.5 Extensions of Credit Securedby Affiliate Securities—General ValuationRule (Section 223.24(a) and (b))

Section 23A defines as a covered transaction anIDI’s acceptance of securities issued by an affili-ate as collateral for a loan or extension of creditto any person or company.40 This type of cov-ered transaction has two classes: one in whichthe only collateral for the loan is solely affiliatesecurities and another in which the loan issecured by a combination of affiliate securitiesand other collateral.40a

Under the rule, if the credit extension issecured exclusively by affiliate securities, thenthe transaction is valued at the full amount ofthe extension of credit. This approach reflectsthe difficulty of measuring the actual value oftypically untraded and illiquid affiliate securitiesand conservatively assumes that the value of thesecurities is equal to the full value of the loanthat the securities collateralize. An exception isprovided to the general rule when the affiliatesecurities held as collateral have a ready market(as defined by section 223.42 of the rule). In thatcase, the transaction may be valued at the fairmarket value of the affiliate securities. Theexception grants relief in those circumstanceswhen the value of the affiliate securities is inde-pendently verifiable by reference to transactionsoccurring in a liquid market.41

Covered transactions of the second class, inwhich the credit extension is secured by affiliate

securities and other collateral, are valued at thelesser of (1) the total value of the extension ofcredit minus the fair market value of the othercollateral or (2) the fair market value of theaffiliate securities (if the securities have a readymarket). The rule’s ready-market requirementapplies regardless of the amount of affiliatecollateral.42

2020.1.4.2.6 Extensions of Credit Securedby Affiliate Securities—Mutual FundShares

Section 23A(b)(7)(D) of the FRA defines as acovered transaction a member bank’s accep-tance of securities issued by an affiliate as collat-eral security for a loan or extension of credit toany person or company.

Section 223.24(c) of the rule provides anexemption for extensions of credit by a memberbank that are secured by shares of an affiliatedmutual fund. To qualify for the exemption, thetransaction must meet several conditions. First,to ensure that the affiliate collateral is liquid andtrades at a fair price, the affiliated mutual fundmust be an open-end investment company thatis registered with the SEC under the 1940 Act.Second, to ensure that the IDI can easily estab-lish and monitor the value of the affiliate collat-eral, the affiliated mutual fund’s shares servingas collateral for the extension of credit musthave a publicly available market price. Third, toreduce the IDI’s incentives to use these exten-sions of credit as a mechanism to support theaffiliated mutual fund, the IDI and its affiliatesmust not own more than 5 percent of the fund’sshares (excluding certain shares held in a fidu-ciary capacity). Finally, the proceeds of theextension of credit must not be used to purchasethe affiliated mutual fund’s shares serving ascollateral or otherwise used to benefit an affili-ate. In such circumstances, the IDI’s extensionof credit would be covered by section 23A’sattribution rule. For example, an IDI proposes tolend $100 to a nonaffiliate secured exclusivelyby eligible affiliated mutual fund securities. TheIDI knows that the nonaffiliate intends to use allthe loan proceeds to purchase the eligible affili-ated mutual fund securities that would serve ascollateral for the loan. Under the attribution rulein section 223.16, the IDI must treat the loan tothe nonaffiliate as a loan to an affiliate, and

40. See 12 U.S.C. 371c(b)(7)(D). This covered transaction

only arises when the member bank’s loan is to a nonaffiliate.

Under section 23A, the securities issued by an affiliate are not

acceptable collateral for a loan or extension of credit to any

affiliate. (See 12 U.S.C. 371(c)(4)) If the proceeds of a loan

that is secured by an affiliate’s securities are transferred to an

affiliate by the unaffiliated borrower (for example, to purchase

assets or securities from the inventory of an affiliate), the loan

should be treated as a loan to the affiliate and the affiliates

securities cannot be used to meet the collateral requirements

of sections 23A. The loan must then be secured with other

collateral in an amount and of a type that meets the require-

ments of section 23A for loans by an IDI to an affiliate.

40a. The securities issued by an affiliate cannot be used as

collateral for a loan to any affiliate (12 U.S.C. 371c (c)(4)).

41. In either case, the transaction must comply with sec-

tion 23B; that is, the IDI must obtain the same amount of

affiliate securities as collateral on the credit extension that the

IDI would obtain if the collateral were not affiliate securities.42. Under the rule, an IDI may use the higher of the two

valuation options for these transactions if, for example, the

IDI does not have the procedures and systems in place to

verify the fair market value of affiliate securities.



because securities issued by an affiliate are ineli-gible collateral under section 223.14, the loanwould not be in compliance with section 223.14.

2020.1.4.3 Asset Purchases

2020.1.4.3.1 Purchase of Assets underRegulation W

Regulation W provides that a purchase of assetsby an IDI from an affiliate initially must bevalued at the total amount of considerationgiven by the IDI in exchange for the asset. (Seesection 223.22.) This consideration can take anyform and includes an assumption of liabilitiesby the IDI. An assumption of liabilities caninclude a mortgage, other debt obligations, orthe cost associated with the transfer of employ-ees, such as pension obligations, bonuses, oraccrued vacation.

Asset purchases are a covered transaction foran IDI for as long as the IDI holds the asset. Thevalue of the covered transaction after the pur-chase may be reduced to reflect amortization ordepreciation of the asset, to the extent that suchreductions are consistent with GAAP and arereflected on the IDI’s financial statements.

Certain asset purchases by an IDI from anaffiliate are not valued in accordance with thegeneral asset-purchase valuation formula. First,if the IDI buys from one affiliate a loan made toa second affiliate, the IDI must value the trans-action as a credit transaction with the secondaffiliate under section 223.21. Second, if the IDIbuys from one affiliate a security issued by asecond affiliate, the IDI must value the transac-tion as an investment in securities issued by thesecond affiliate under section 223.23. Third, ifthe IDI acquires the shares of an affiliate thatbecomes an operating subsidiary of the IDI afterthe acquisition, the IDI must value the transac-tion under section 223.31.

A special valuation rule applies to an IDI’spurchase of a line of credit or loan commitmentfrom an affiliate. An IDI initially must valuesuch asset purchases at the purchase price paidby the IDI for the asset plus any additionalamounts that the IDI is obligated to provideunder the credit facility.43 This special valuation

rule ensures that there are limits on the amountof risk a company can shift to an affiliated IDI.

Section 23A(d)(6) provides an exemption forpurchasing assets having a readily identifiableand publically available market quotation. Sec-tion 224.42(e) of the rule codified this exemp-tion. Section 223.42(f) expands the statutory(d)(6) exemption to allow an IDI to purchasesecurities from an affiliate based on price quotesobtained from certain electronic screens so longas, among other things, (1) the selling affiliate isa broker-dealer registered with the SEC, (2) thesecurities are traded in a ready market and eli-gible for purchase by state IDIs, (3) the securi-ties are not purchased within 30 days of anunderwriting (if an affiliate of the IDI is anunderwriter of the securities), and (4) the securi-ties are not issued by an affiliate. See sec-tion 2020.1.10.2 for a further discussion of thisexemption.

In contrast with credit transactions, an assetpurchase from a nonaffiliate that later becomesan affiliate generally does not become a cov-ered transaction for the purchasing IDI. How-ever, if an IDI purchases assets from a nonaf-filiate in contemplation that the nonaffiliate willbecome an affiliate of the IDI, the asset pur-chase becomes a covered transaction at thetime the nonaffiliate becomes an affiliate. Inaddition, the IDI must ensure that the aggregateamount of the IDI’s covered transactions(including any such asset purchase from thenonaffiliate) would not exceed the quantitativelimits of section 23A at the time the nonaffili-ate becomes an affiliate.

The following examples are provided to assistIDIs in valuing purchases of assets from anaffiliate. An IDI’s receipt of an encumberedasset from an affiliate ceases to be a coveredtransaction when, for example, the IDI sells theasset.

• Cash purchase of assets. An IDI purchases apool of loans from an affiliate for $10 million.The IDI initially must value the covered trans-action at $10 million. Going forward, if theborrowers repay $6 million of the principalamount of the loans, the IDI may value thecovered transaction at $4 million.

• Purchase of assets through an assumption ofliabilities. An affiliate of an IDI contributesreal property with a fair market value of$200,000 to the IDI. The IDI pays the affiliateno cash for the property, but assumes a$50,000 mortgage on the property. The IDI

43. A member bank would not be required to include

unfunded, but committed, amounts in the value of the covered

transaction if (1) the credit facility being transferred from the

affiliate to the bank is unconditionally cancelable (without

cause) at any time by the IDI and (2) the IDI makes a separate

credit decision before each drawing under the facility (see

12 C.F.R. 223.22).



has engaged in a covered transaction with theaffiliate and initially must value the transac-tion at $50,000. Going forward, if the IDIretains the real property but pays off the mort-gage, the IDI must continue to value the cov-ered transaction at $50,000. If the IDI, how-ever, sells the real property, the transactionceases to be a covered transaction at the timeof the sale (regardless of the status of themortgage).

2020.1.4.3.2 IDI’s Purchase ofSecurities Issued by an Affiliate

Section 23A includes as a covered transactionan IDI’s purchase of, or investment in, securi-ties issued by an affiliate. Section 223.23 of therule requires an IDI to value a purchase of, orinvestment in, securities issued by an affiliate(other than a financial subsidiary of the IDI) atthe greater of the IDI’s purchase price or carry-ing value of the securities. An IDI that paid noconsideration in exchange for affiliate securitieshas to value the covered transaction at no lessthan the IDI’s carrying value of the securities. Inaddition, if the IDI’s carrying value of the affili-ate securities increased or decreased after theIDI’s initial investment (due to profits or lossesat the affiliate), the amount of the IDI’s coveredtransaction would increase or decrease to reflectthe IDI’s changing financial exposure to theaffiliate. However, the amount of the IDI’s cov-ered transaction cannot decline below theamount paid by the IDI for the securities.

Several important considerations support thegeneral carrying-value approach of this valua-tion rule. First, the approach would require anIDI to reflect its investment in securities issuedby an affiliate at carrying value throughout thelife of the investment, even if the IDI paid noconsideration for the securities. Second, theapproach is supported by the terms of the stat-ute, which defines both a ‘‘purchase of’’ and an‘‘investment in’’ securities issued by an affiliateas a covered transaction. The statute’s ‘‘invest-ment in’’ language indicates that Congress wasconcerned with an IDI’s continuing exposure toan affiliate through an ongoing investment in theaffiliate’s securities.

Third, GLB Act amendments to section 23Asupported the approach. The GLB Act defined afinancial subsidiary of an IDI as an affiliate ofthe IDI, but specifically provides that the sec-tion 23A value of an IDI’s investment in securi-

ties issued by a financial subsidiary did notinclude retained earnings of the subsidiary. Thenegative implication from this provision is thatthe section 23A value of an IDI’s investment inother affiliates includes the affiliates’ retainedearnings, which would be reflected in the IDI’scarrying value of the investment under the rule.

Finally, the carrying-value approach isconsistent with the purposes of section 23A—imiting the financial exposure of IDIs to theiraffiliates and promoting safety and soundness.The valuation rule requires an IDI to revalueupwards the amount of an investment in affili-ate securities only when the IDI’s exposure tothe affiliate increases (as reflected on the IDI’sfinancial statements) and the IDI’s capitalincreases to reflect the higher value of theinvestment. In these circumstances, the valua-tion rule merely reflects the IDI’s greater finan-cial exposure to the affiliate and enhances safetyand soundness by reducing the IDI’s ability toengage in additional transactions with an affili-ate as the IDI’s exposure to that affiliateincreases.

The valuation rule also provides that thecovered-transaction amount of an IDI’s invest-ment in affiliate securities can be no less thanthe purchase price paid by the IDI for thesecurities, even if the carrying value of thesecurities declines below the purchase price.This aspect of the valuation rule uses the IDI’spurchase price for the securities as a floor forvaluing the covered transaction. First, it ensuresthat the amount of the covered transaction neverfalls below the amount of funds actuallytransferred by the IDI to the affiliate in connec-tion with the investment. In addition, thepurchase-price floor limits the ability of an IDIto provide additional funding to an affiliate asthe affiliate approaches insolvency. If invest-ments in securities issued by an affiliate werevalued strictly at carrying value, then the IDIcould lend more funds to the affiliate as the af-filiate’s financial condition worsened. As the af-filiate declined, the IDI’s carrying value of theaffiliate’s securities would decline, the sec-tion 23A value of the IDI’s investment likelywould decline, and, consequently, the IDI wouldbe able to provide additional funding to theaffiliate under section 23A. This type of increas-ing support for an affiliate in distress is whatsection 23A was intended to restrict.

The following examples are designed to assistIDIs in valuing purchases of, and investmentsin, securities issued by an affiliate:

• Purchase of the debt securities of an affiliate.The parent holding company of an IDI owns



100 percent of the shares of a mortgage com-pany. The IDI purchases debt securities issuedby the mortgage company for $600. The ini-tial carrying value of the securities is $600.The IDI initially must value the investment at$600.

• Purchase of the shares of an affiliate. Theparent holding company of an IDI owns51 percent of the shares of a mortgage com-pany. The IDI purchases an additional 30 per-cent of the shares of the mortgage companyfrom a third party for $100. The initial carry-ing value of the shares is $100. The IDIinitially must value the investment at $100.Going forward, if the IDI’s carrying value ofthe shares declines to $40, the IDI must con-tinue to value the investment at $100.

• Contribution of the shares of an affiliate. Theparent holding company of an IDI owns100 percent of the shares of a mortgage com-pany and contributes 30 percent of the sharesto the IDI. The IDI gives no consideration inexchange for the shares. If the initial carryingvalue of the shares is $300, then the IDIinitially must value the investment at $300.Going forward, if the IDI’s carrying value ofthe shares increases to $500, the IDI mustvalue the investment at $500.

2020.1.4.5 Issuance of a Letter of Creditor Guarantee

2020.1.4.5.1 Confirmation of a Letter ofCredit Issued by an Affiliate

Section 23A includes as a covered transactionthe issuance by an IDI of a letter of credit onbehalf of an affiliate, including the confirmationof a letter of credit issued by an affiliate as acovered transaction. (See section 223.3(h)(5).)When an IDI confirms a letter of credit, itassumes the risk of the underlying transaction tothe same extent as if it had issued the letter ofcredit.44 Accordingly, a confirmation of a letterof credit issued by an affiliate is treated in thesame fashion as an issuance of a letter of crediton behalf of an affiliate.

2020.1.4.5.2 Credit EnhancementsSupporting a Securities Underwriting

The definition of guarantee in section 23A doesnot include an IDI’s issuance of a guarantee in

support of securities issued by a third party andunderwritten by a securities affiliate of the IDI.45

Such a credit enhancement would not be issued‘‘on behalf of’’ the affiliate. Although the guar-antee does provide some benefit to the affiliate(by facilitating the underwriting), this benefit isindirect. The proceeds of the guarantee wouldnot be transferred to the affiliate for purposes ofthe attribution rule of section 23A.46 Section23B would apply to the transaction and, wherean affiliate was issuer as well as underwriter, thetransaction would be covered by section 23Abecause the credit enhancement would be onbehalf of the affiliate.

2020.1.4.5.3 Cross-GuaranteeAgreements and Cross-Affiliate NettingArrangements

A cross-guarantee agreement among an IDI, anaffiliate, and a nonaffiliate in which the nonaffili-ate may use the IDI’s assets to satisfy the obliga-tions of a defaulting affiliate is a guarantee forpurposes of section 23A. The cross-guaranteearrangements among IDIs and their affiliates aresubject to the quantitative limits and collateralrequirements of section 23A. (See sec-tion 223.3(h)(5).)

As for cross-affiliate netting arrangements(CANAs), such arrangements involve an IDI,one or more affiliates of the IDI, and one ormore nonaffiliates of the IDI, where a nonaffili-ate is permitted to deduct obligations of anaffiliate of the IDI to the nonaffiliate when set-tling the nonaffiliate’s obligations to the IDI.These arrangements also would include agree-ments in which an IDI is required or permittedto add the obligations of an affiliate of the IDI toa nonaffiliate when determining the IDI’s obli-gations to the nonaffiliate. These types ofCANAs expose an IDI to the credit risk of itsaffiliates because the IDI may become liable forthe obligations of its affiliates. Because theexposure of an IDI to an affiliate in such anarrangement resembles closely the exposure ofan IDI when it issues a guarantee on behalf ofan affiliate, the rule explicitly includes sucharrangements in the definition of covered trans-action. Accordingly, the quantitative limits ofsection 23A would prohibit an IDI from enter-ing into such a CANA to the extent that the

44. See UCC 5-107(2).

45. See 62 Fed. Reg. 45295, August 27, 1997.

46. See 12 U.S.C. 371c(a)(2).



netting arrangement does not cap the potentialexposure of the IDI to the participating affiliate(or affiliates).

2020.1.4.5.4 Keepwell Agreements

In a keepwell agreement between an IDI and anaffiliate, the IDI typically commits to maintainthe capital levels or solvency of the affiliate. Thecredit risk incurred by the IDI in entering intosuch a keepwell agreement is similar to thecredit risk incurred by an IDI in connection withissuing a guarantee on behalf of an affiliate. Asa consequence, keepwell agreements generallyshould be treated as guarantees for purposes ofsection 23A and, if unlimited in amount, wouldbe prohibited by the quantitative limits of sec-tion 23A.

2020.1.4.5.5 Prohibition on the Purchaseof Low-Quality Assets

Section 23A generally prohibits the purchase byan IDI of a low-quality asset from an affiliate.47

In addition, an IDI and its subsidiaries cannotpurchase or accept as collateral a low-qualityasset from an affiliate. Section 23A defines alow-quality asset to include (1) an asset classi-fied as ‘‘substandard,’’ ‘‘doubtful,’’ or ‘‘loss,’’ ortreated as ‘‘other loans specially mentioned,’’ inthe most recent report of examination or inspec-tion by a federal or state supervisory agency (a‘‘classified asset‘‘), (2) an asset in nonaccrualstatus, (3) an asset on which payments are morethan 30 days past due in the payment of princi-pal or interest, or (4) an asset whose terms havebeen renegotiated or compromised due to thedeteriorating financial condition of the obligor.Any asset meeting one of the above four crite-ria, including securities and real property, is alow-quality asset.

Regulation W expands the definition of low-quality assets in several respects. (See 12 C.F.R.223.3(v).) First an asset may be identified byexaminers as a low-quality asset if they repre-sent credits to countries that are not complyingwith their external debt-service obligations butare taking positive steps to restore debt servicethrough economic adjustment measures, gener-

ally as part of an International Monetary FundProgram. Although such assets may not be con-sidered classified assets, examiners are to con-sider these assets in their assessment of an IDI’sasset quality and capital adequacy.

Second, the rule considers a financial institu-tion’s use of its own internal asset-classificationsystems. The rule includes within the definitionof low-quality asset not only assets classifiedduring the last examination but also assets clas-sified or treated as special mention under theinstitution’s internal classification system (orassets that received an internal rating that issubstantially equivalent to classified or specialmention in such an internal system).

The purchase by an IDI from an affiliate ofassets that have been internally classified raisespotentially significant safety-and-soundnessconcerns. The Board expects companies withinternal rating systems to use the systems con-sistently over time and over similar classes ofassets and will view as an evasion of sec-tion 23A any company’s deferral or alteration ofan asset’s rating to facilitate sale of the asset toan affiliated institution.

Finally, the rule defines low-quality asset toinclude foreclosed property designated ‘‘otherreal estate owned’’ (OREO), until it is reviewedby an examiner and receives a favorable classi-fication. It further defines as a low-quality assetany asset (not just real estate) that is acquired insatisfaction of a debt previously contracted (notjust through foreclosure) if the asset has not yetbeen reviewed in an examination or inspection.Under the rule, if a particular asset is goodcollateral taken from a bad borrower, the assetshould cease to be a low-quality asset uponexamination.

Section 23A provides a limited exception tothe general rule prohibiting purchase of low-quality assets if the IDI performs an indepen-dent credit evaluation and commits to the pur-chase of the asset before the affiliate acquiresthe asset.48 Section 223.15 of the rule also pro-vides an exception from the prohibition on thepurchase by an IDI of a low-quality asset froman affiliate for certain loan renewals. The ruleallows an IDI that purchased a loan participa-tion from an affiliate to renew its participation inthe loan, or provide additional funding under theexisting participation, even if the underlyingloan had become a low-quality asset, so long ascertain criteria were met. These renewals oradditional credit extensions may enable both theaffiliate and the participating IDI to avoid orminimize potential losses. The exception is

47. 12 U.S.C. 371c(a)(3). Section 23A does not prohibit an

affiliate from donating a low-quality asset to a member bank,

so long as the bank provides no consideration for the asset and

no liabilities are associated with the asset.

48. 12 U.S.C. 371c(a)(3).



available only if (1) the underlying loan was nota low-quality asset at the time the IDI purchasedits participation and (2) the proposed transactionwould not increase the IDI’s proportional shareof the credit facility. The IDI must also obtainthe prior approval of its entire board of directors(or its delegees) and it must give a 20 days’post-consummation notice to its appropriate fed-eral banking agency. An IDI is permitted toincrease its proportionate share in a restructuredloan by 5 percent (or by a higher percentagewith the prior approval of the IDI’s appropriatefederal banking agency). The scope of theexemption includes renewals of participations inloans originated by any affiliate of the IDI (notjust affiliated IDIs).

2020.1.5 COLLATERAL FOR CERTAINTRANSACTIONS WITH AFFILIATES

Section 23A requires a member bank’s use ofcollateral for certain transactions between anIDI and its affiliates.49 Each loan or extension ofcredit to an affiliate,50 or guarantee, acceptance,or letter of credit issued on behalf of an affiliateby an IDI or its subsidiary, and any credit expo-sure of an IDI or a subsidiary to an affiliateresulting from a securities borrowing or lendingtransaction, or a derivative transaction, shall besecured at all times by collateral (“credit expo-sure”) at the amounts required by the statute.The required collateral varies,51 depending onthe type of collateral used to secure the transac-tion.52 The specific collateral requirements are—

1. 100 percent of the amount of such loan orextension of credit, guarantee, acceptance,letter of credit or credit exposure, if the col-lateral is composed of—a. obligations of the United States or its

agencies;b. obligations fully guaranteed by the United

States or its agencies as to principal andinterest;

c. notes, drafts, bills of exchange, or bank-er’s acceptances that are eligible for redis-count or purchase by a Federal ReserveBank;53 or

d. a segregated, earmarked deposit accountwith the member bank that is for the solepurpose of securing credit transactionsbetween the member bank and its affili-ates and is identified as such.

2. 110 percent of the amount of such loan orextension of credit, guarantee, acceptance, orletter of credit if the collateral is composedof obligations of any state or political subdi-vision of any state;

3. 120 percent of the amount of such loan orextension of credit, guarantee, acceptance, orletter of credit if the collateral is composedof other debt instruments, including receiv-ables; or

4. 130 percent of the amount of such loan orextension of credit, guarantee, acceptance, orletter of credit if the collateral is composedof stock, leases, or other real or personalproperty.

For example, an IDI makes a $1,000 loan toan affiliate. The affiliate posts as collateral forthe loan $500 in U.S. Treasury securities, $480in corporate debt securities, and $130 in realestate. The loan satisfies the collateral require-ments of section 23A because $500 of the loanis 100 percent secured by obligations of theUnited States, $400 of the loan is 120 percentsecured by debt instruments, and $100 of theloan is 130 percent secured by real estate. Thestatute prohibits an IDI from counting a low-quality asset toward section 23A’s collateralrequirements for credit transactions with affili-ates.54 An IDI must maintain a perfected secu-rity interest at all times in the collateral thatsecures the credit transaction.

Each loan or extension of credit to an affiliateor guarantee, acceptance, credit exposure or let-ter of credit issued on behalf of an affiliate(herein referred to as credit transactions) by anIDI or its subsidiary must be secured at the timeof the transaction by collateral.

2020.1.5.1 Collateral Requirements inRegulation W

The collateral requirements for credit transac-tions are found in section 23A (c) of the statute.Section 23A (c)(1) requires that an IDI meet thecollateral requirements of the statute at all times.A low-quality asset cannot be used to satisfy the

49. The IDI must perfect the security interest in the collat-

eral (Fitzpatrick v. FDIC, 765 F.2d 569 (6th Cir. 1985). A

purchase of assets from an affiliate does not require collateral.

50. 12 U.S.C. 371c(b)(7).

51. ‘‘Credit extended’’ means the loan or extension of

credit, guarantee, acceptance, or letter of credit.

52. 12 U.S.C. 371c(c)(1).

53. Regulation A includes a representative list of accept-

able government obligations (12 C.F.R. 201.108).

54. 12 U.S.C. 371c(c)(3).



statute’s or regulation’s collateral requirements,but can be taken as additional collateral.

2020.1.5.1.1 Deposit Account Collateral

Under section 23A, an IDI may satisfy the col-lateral requirements of the statute by securing acredit transaction with an affiliate with a ‘‘segre-gated, earmarked deposit account’’ maintainedwith the IDI in an amount equal to 100 percentof the credit extended.55 IDIs may secure cov-ered transactions with omnibus deposit accountsso long as the IDI takes steps to ensure that theomnibus deposit accounts fully secure the rel-evant covered transactions. Such steps mightinclude substantial overcollateralization or theuse of subaccounts or other recordkeepingdevices to match deposits with covered transac-tions. To obtain full credit for any depositaccounts taken as section 23A collateral, IDIsmust ensure that they have a perfected, first-priority security interest in the accounts. (Seesection 223.14(b)(1)(i)(D).)

2020.1.5.1.2 Ineligible Collateral

The purpose of section 23A’s collateral require-ments is to ensure that IDIs that engage in credittransactions with affiliates have legal recourse,in the event of affiliate default, to tangible assetswith a value at least equal to the amount of thecredit extended.

The statute recognizes that certain types ofassets are not appropriate to serve as collateralfor credit transactions with an affiliate. In par-ticular, the statute provides that low-qualityassets and securities issued by an affiliate arenot eligible collateral for such covered transac-tions.

Under section 223.14(c) of the rule, intan-gible assets also are not deemed acceptable tomeet the collateral requirements imposed bysection 23A.56 Intangible assets, including ser-vicing assets, are particularly hard to value, andan IDI may have significant difficulty in collect-ing and selling such assets in a reasonableperiod of time.

Section 23A(c) requires that credit transac-tions with an affiliate be ‘‘secured’’ by collat-

eral. A credit transaction between an IDI and anaffiliate supported only by a guarantee or letterof credit from a third party does not meet thestatutory requirement that the credit transac-tion be secured by collateral. Guarantees andletters of credit often are subject to materialadverse change clauses and other covenants thatallow the issuer of the guarantee or letter ofcredit to deny coverage. Letters of credit andguarantees are not balance-sheet assets underGAAP and, accordingly, would not constitute‘‘real or personal property’’ under sec-tion 23A. There is a particularly significant riskthat an IDI may have difficulty collecting on aguarantee or letter of credit provided by anonaffiliate on behalf of an affiliate of the IDI.Accordingly, guarantees and letters of credit arenot acceptable section 23A collateral.

As noted above, section 23A prohibits an IDIfrom accepting securities issued by an affiliateas collateral for an extension of credit to anyaffiliate. The rule clarifies that securities issuedby the IDI itself also are not eligible collateral tosecure a credit transaction with an affiliate.Equity securities issued by a lending IDI, anddebt securities issued by a lending IDI thatcount as regulatory capital of the IDI, are noteligible collateral under section 23A. If an IDIwas forced to foreclose on a credit transactionwith an affiliate secured by such securities, theIDI may be unwilling to liquidate the collateralpromptly to recover on the credit transactionbecause the sale might depress the price of theIDI’s outstanding securities or result in a changein control of the IDI. In addition, to the extentthat an IDI is unable or unwilling to sell suchsecurities acquired through foreclosure, thetransaction would likely result in a reduction inthe IDI’s capital, thereby offsetting any poten-tial benefit provided by the collateral.

2020.1.5.1.3 Perfection and Priority

Under section 223.14(d) of the rule, an IDI’ssecurity interest in any collateral required bysection 23A must be perfected in accordancewith applicable law to ensure that an IDI hasgood access to the assets serving as collateralfor its credit transactions with affiliates. Thisrequirement ensures that the IDI has the legalright to realize on the collateral in the case ofdefault, including a default resulting from theaffiliate’s insolvency or liquidation. An IDI alsois required to either obtain a first-priority secu-rity interest in the required collateral or deductfrom the amount of collateral obtained by theIDI the lesser of (1) the amount of any security

55. 12 U.S.C. 371c(c)(1)(A)(iv).

56. The rule does not confine the definition of intangible

assets by reference to GAAP.



interests in the collateral that are senior to thatobtained by the IDI or (2) the amount of anycredits secured by the collateral that are seniorto that of the IDI. For example, if an IDI lends$100 to an affiliate and takes as collateral asecond lien on a parcel of real estate worth$200, the arrangement would only satisfy thecollateral requirements of section 23A if theaffiliate owed the holder of the first lien $70 orless (a credit transaction secured by real estatemust be secured at 130 percent of the amount ofthe transaction).

The rule includes the following example ofhow to compute the section 23A collateral valueof a junior lien: An IDI makes a $2,000 loan toan affiliate. The affiliate grants the IDI a second-priority security interest in a piece of real estatevalued at $3,000. Another institution that previ-ously lent $1,000 to the affiliate has a first-priority security interest in the entire parcel ofreal estate. This transaction is not in compliancewith the collateral requirements of this section.Because of the existence of the prior third-partylien on the real estate, the effective value of thereal estate collateral for the IDI for purposes ofthis section is only $2,000—$600 less than theamount of real estate collateral required by thissection for the transaction ($2,000 × 130 percent= $2,600).

2020.1.5.1.4 Unused Portion of anExtension of Credit

Section 23A requires that the ‘‘amount’’ of anextension of credit be secured by the statutorilyprescribed levels of collateral. Under the statute,an IDI provides a line of credit to an affiliate, itmust secure the full amount of the line of creditthroughout the life of the credit. Section223.14(f)(2) of the rule, however, provides anexemption to the collateral requirements of sec-tion 23A for the unused portion of an extensionof credit to an affiliate so long as the IDI doesnot have any legal obligation to advance addi-tional funds under the credit facility until theaffiliate has posted the amount of collateralrequired by the statute with respect to the entireused portion of the extension of credit.57 In suchcredit arrangements, securing the unused por-tion of the credit line is unnecessary from asafety-and-soundness perspective because theaffiliate cannot require the IDI to advance addi-

tional funds without posting the additional col-lateral required by section 23A. If an IDI volun-tarily advances additional funds under such acredit arrangement without obtaining the addi-tional collateral required under section 23A tosecure the entire used amount (despite its lackof a legal obligation to make such an advance),the Board views this action as a violation of thecollateral requirements of the statute. The entireamount of the line counts against the IDI’squantitative limit, even if the line of credit doesnot need to be secured.

2020.1.5.1.5 Purchasing Affiliate DebtSecurities in the Secondary Market

An IDI’s investment in the debt securities issuedby an affiliate is an extension of credit by theIDI to the affiliate and thus is subject to sec-tion 23A’s collateral requirements. Section223.14(f)(3) of the rule provides an exemptionthat permits IDIs in certain circumstances topurchase debt securities issued by an affiliatewithout satisfying the collateral requirements ofsection 23A. The exemption is available wherean IDI purchases an affiliate’s debt securitiesfrom a third party in a bona fide secondary-market transaction. When an IDI buys an affili-ate’s debt securities in a bona fide secondary-market transaction, the risk that the purchase isdesigned to shore up an ailing affiliate isreduced. Any purchase of affiliate debt securi-ties that qualifies for this exemption would stillremain subject to the quantitative limits of sec-tion 23A and the market-terms requirement ofsection 23B. In analyzing an IDI’s good faithunder this exemption transaction, examinersshould look at (1) the time elapsed between theoriginal issuance of the affiliate’s debt securitiesand the IDI’s purchase, (2) the existence of anyrelevant agreements or relationships betweenthe IDI and the third-party seller of the affili-ate’s debt securities, (3) any history of IDIfinancing of the affiliate, and (4) any other rel-evant information.

2020.1.5.1.6 Credit Transactions withNonaffiliates that Become Affiliates

IDIs sometimes lend money to, or issue guaran-tees on behalf of, unaffiliated companies thatlater become affiliates of the IDI. Section223.21(b)(2) provides transition rules that57. This does not apply to guarantees, acceptances, and

letters of credit issued on behalf of an affiliate. These instru-

ments must be fully collateralized at inception. Moreover,

these transactions are still subject to the 10 and 20 percent

limits of the statute.



exempt credit transactions from the collateralrequirements in situations in which the IDIentered into the transactions with the nonaffili-ate at least one year before the nonaffiliatebecame an affiliate of the IDI. For example, anIDI with capital stock and surplus of $1,000 andno outstanding covered transactions makes a$120 unsecured loan to a nonaffiliate. The IDIdoes not make the loan in contemplation of thenonaffiliate becoming an affiliate. Nine monthslater, the bank holding company purchases allthe stock of the nonaffiliate, thereby making thenonaffiliate an affiliate of the IDI. The IDI is notin violation of the quantitative limits of therule’s section 223.11 or 223.12 at the time of thestock acquisition. The IDI is, however, prohib-ited from engaging in any additional coveredtransactions with the new affiliate at least untilsuch time as the value of the loan transactionfalls below 10 percent of the IDI’s capital stockand surplus, and the transaction counts towardthe 20 percent limit for transactions with allaffiliates. In addition, the IDI must bring theloan into compliance with the collateral require-ments of section 223.14 promptly after the stockacquisition. Transactions with nonaffiliates incontemplation of the nonaffiliate becoming anaffiliate must meet the quantitative and collat-eral requirements of the rule at the time of theinception of the credit transaction and of theaffiliation.

2020.1.6 LIMITATIONS ONCOLLATERAL

IDIs may accept as collateral for covered trans-actions receivables, leases, or other real or per-sonal property.58 The following are limitationsand collateral restrictions:

1. Any collateral that is subsequently retired oramortized must be replaced by additionaleligible collateral. This is done to keep thepercentage of the collateral value relative tothe amount of the outstanding loan or exten-sion of credit, guarantee, acceptance, or letterof credit equal to the minimum percentagethat was required at the inception of thetransaction.

2. A low-quality asset is not acceptable as col-

lateral for a loan or extension of credit to, orfor a guarantee, acceptance, or letter of creditissued on behalf of, an affiliate, or creditexposure to an affiliate resulting from a secu-rities borrowing or lending transaction, orderivative transaction.

3. Securities or other debt obligations issued byan affiliate of an IDI shall not be acceptableas collateral for a loan or extension of creditto, or for a guarantee, acceptance, or letter ofcredit issued on behalf of, or credit exposurefrom a securities borrowing or lending trans-action, or derivative transaction to, that affili-ate or any other affiliate of the IDI.

The above collateral requirements are not appli-cable to an acceptance that is already fullysecured either by attached documents or byother property that is involved in the transactionand has an ascertainable market value.

2020.1.7 DERIVATIVETRANSACTIONS WITH AFFILIATES

2020.1.7.1 Derivative Transactionsbetween Insured Depository Institutionsand Their Affiliates

Derivative transactions between an IDI and itsaffiliates generally arise from the risk-management needs of the institution or the affili-ate. Transactions arising from the institution’sneeds typically occur when an institution entersinto a swap or other derivative contract with acustomer but chooses not to hedge directly themarket risk generated by the derivative contract,or when the institution is unable to hedge therisk directly because it is not authorized to holdthe hedging asset. To manage the market risk,the institution may have an affiliate acquire thehedging asset. The institution would then do abridging derivative transaction between itselfand the affiliate maintaining the hedge.

Other derivative transactions between an IDIand its affiliate are affiliate-driven. To accom-plish its asset-liability-management goals, aninstitution’s affiliate may enter into an interest-rate or foreign-exchange derivative with theinstitution. For example, an institution’s holdingcompany may hold a substantial amount offloating-rate assets but issue fixed-rate debtsecurities to obtain cheaper funding. The hold-ing company may then enter into a fixed-to-floating interest-rate swap with its subsidiarymember bank to reduce the holding company’sinterest-rate risk.

58. As noted above, letters of credit and mortgage-

servicing rights may not be accepted as collateral for purposes

of section 23A. See section 223.14(c)(4)(5) of the rule

(12 C.F.R. 223.14(c )(4) and (5).



IDIs and their affiliates that seek to enter intoderivative transactions for hedging (or risk-taking) purposes could enter into the desiredderivatives with unaffiliated companies. IDIsand their affiliates often choose to use eachother as their derivative counterparties, how-ever, to maximize the profits of, and managerisks within, the consolidated financial group.

2020.1.7.1.1 Section 23A on DerivativesTransactions

The Dodd-Frank Act amended section 23A as itrelates to derivatives and now provides that aderivative transaction, as defined in paragraph(3) of section 5200(b) of the Revised Statutes(12 U.S.C. 84(b)) with an affiliate, is a coveredtransaction to the extent that the transactioncauses an IDI or a subsidiary to have creditexposure to the affiliate. The Dodd-Frank Actalso requires that any credit exposure must besecured consistent with the collateral require-ments of section 23A. This is a significantchange and requires that all IDIs calculate therelevant credit exposure and count that amounttowards the institution’s quantitative limits. TheDodd-Frank Act requires the IDI to establishand maintain policies and procedures designedto manage the credit exposure arising from thederivative. These policies and proceduresrequire, at a minimum, that the institution moni-tor and control its exposure to its affiliates byimposing appropriate credit controls and collat-eral requirements. Regulation W provides thatcredit derivatives between an institution and anunaffiliated third party that reference the obliga-tions of an affiliate of the institution and that arethe functional equivalent of a guarantee by theinstitution on behalf of an affiliate should betreated as a guarantee by the institution onbehalf of an affiliate for the purposes of sec-tion 23A. (The novation of a derivative betweenan IDI and its affiliate is treated as a purchaseunder the statute.)

2020.1.7.1.2 Section 23B andRegulation W Regarding DerivativeTransactions

Derivative transactions between an IDI and anaffiliate also are subject to section 23B of theFRA under the express terms of the statute.59

Regulation W clarifies further that the trans-actions are subject to the market-terms require-ment of section 23B of the FRA (see sec-tion 223.51). The rule requires IDIs to complystrictly with section 23B in their derivativetransactions with affiliates. Section 23B requiresan institution to treat an affiliate no better than asimilarly situated nonaffiliate. To comply withsection 23B of the FRA, each institution shouldhave in place credit limits on its derivativesexposure to affiliates that are at least as strict asthe credit limits the institution imposes on unaf-filiated companies that are engaged in similarbusinesses and are substantially equivalent insize and credit quality. Similarly, each institu-tion should monitor derivatives exposure toaffiliates at least as rigorously as it monitorsderivatives exposure to comparable unaffiliatedcompanies. In addition, each institution shouldprice and require collateral in its derivativetransactions with affiliates in a way that is atleast as favorable to the institution as the way inwhich it would price or require collateral in aderivative transaction with comparable unaffili-ated counterparties.

Section 23B generally does not allow an IDIto use with an affiliate the terms and conditionsit uses with its most creditworthy unaffiliatedcustomer unless the institution can demonstratethat the affiliate is of comparable creditworthi-ness as its most creditworthy unaffiliated cus-tomer. Instead, section 23B requires that anaffiliate be treated comparably (with respect toterms, conditions, and credit limits) to themajority of third-party customers engaged in thesame business, and having comparable creditquality and size as the affiliate. Because an IDIgenerally has the strongest credit rating within aholding company, the Board generally wouldnot expect an affiliate to obtain better terms andconditions from an IDI than the institutionreceives from its major unaffiliated counterpar-ties. In addition, market terms for derivativesamong major financial institutions generallyinclude daily marks to market and two-waycollateralization above a relatively small expo-sure threshold.

59. In addition to applying to covered transactions, as

defined in section 23A of the FRA, the market-terms require-

ment of section 23B of the FRA applies broadly to, among

other things, ‘‘[t]he payment of money or the furnishing of

services to an affiliate under contract, lease, or otherwise’’

(12 U.S.C. 371c-1(a)(2)(C)). Institution-affiliate derivatives

generally involve a contract or agreement to pay money to the

affiliate or furnish risk-management services to the affiliate.



2020.1.7.1.3 Covering Derivatives ThatAre the Functional Equivalent of aGuarantee

Although most derivatives are not treated ascovered transactions, section 223.33 of the ruleprovides that credit derivatives between an IDIand a nonaffiliate in which the IDI protects thenonaffiliate from a default on, or a decline in thevalue of, an obligation of an affiliate of the IDIare covered transactions under section 23A.Such derivative transactions are viewed as guar-antees by a member bank on behalf of an affili-ate (and, hence, are covered transactions) undersection 23A.

The rule provides that these credit derivativesare covered transactions under section 23A andgives several examples.60 An IDI is not allowedto reduce its covered transaction amount forthese derivatives to reflect hedging positionsestablished by the IDI with third parties. Acredit derivative is treated as a covered transac-tion only to the extent that the derivative pro-vides credit protection with respect to obliga-tions of an affiliate of the IDI.

2020.1.8 INTRADAY EXTENSIONS OFCREDIT

An extension of credit under section 23A of theFRA includes the credit exposure arising fromintraday extensions of credit by IDIs to theiraffiliates. IDIs regularly provide transactionaccounts to their affiliates in conjunction withproviding payment and securities clearing ser-vices. As in the case of unaffiliated commercialcustomers, these accounts are occasionally sub-ject to overdrafts during the day that are repaidin the ordinary course of business.

Intraday extensions of credit by an IDI to anaffiliate are subject to the market-terms require-ment of section 23B under the rule. The rulealso requires that, under section 23A, institu-tions establish and maintain policies andprocedures that are reasonably designed to man-age the credit exposure arising from aninstitution’s intraday extensions of credit toaffiliates. The policies and procedures must, at aminimum, provide for monitoring and control-ling the institution’s intraday credit exposure to

each affiliate, and to all affiliates in the aggre-gate, and ensure that the institution’s intradaycredit extensions to affiliates comply with sec-tion 23B.

Section 223.42(l) of the rule provides thatintraday credit extensions by an IDI to an affili-ate are section 23A covered transactions butexempts all such intraday credit extensionsfrom the quantitative and collateral require-ments of section 23A if the IDI (1) maintainspolicies and procedures for the management ofintraday credit exposure and (2) has no reasonto believe that any affiliate receiving intradaycredit would have difficulty repaying the creditin accordance with its terms. The policies andprocedures are to be established and main-tained for—

1. monitoring and controlling the credit expo-sure arising at any one time from the IDI’sintraday extensions of credit to each affiliateand all affiliates in the aggregate and

2. ensuring that any intraday extensions ofcredit by the IDI to an affiliate comply withthe market-terms requirement of sec-tion 223.51 of the rule.

2020.1.8.1 Standard under Which theAgencies May Grant AdditionalExemptions

The Dodd-Frank Act amended section 23A toauthorize the appropriate federal bankingagency to exempt transactions or relationshipsby order if the exemption would be in the publicinterest and consistent with the purposes of sec-tion 23A. The exemption determination requiresthe concurrence of the Board. The FDIC has a60-day period to determine whether therequested exemption presents an unacceptablerisk to the insurance fund. The request shoulddescribe in detail the transaction or relation-ship for which the member bank seeks exemp-tion. The exemption request also should explainwhy the Agency should exempt the transactionor relationship, and why it meets the publicinterest standard of the statute. The Board hasapproved a number of exemptions, most ofwhich involve corporate reorganizations. Theseexemptions are available on the Board’swebsite, www.federalreserve.gov/boarddocs/legalint/FederalReserve Act.

60. In most instances, the covered-transaction amount for

such a credit derivative would be the notional principal

amount of the derivative.



2020.1.9 EXEMPTIONS FROMSECTION 23A

Section 23A exempts seven transactions or rela-tions from its quantitative limits and collateralrequirements.61 Regulation W, subpart E, clari-fies these exemptions and exempts a number ofadditional types of transactions. The Boardreserves the right to revoke or modify any addi-tional exemption granted by the Board in Regu-lation W, if the Board finds that the exemption isresulting in unsafe or unsound banking prac-tices. The Board also reserves the right to termi-nate the eligibility of a particular IDI to use anysuch exemption if the IDI’s use of the exemp-tion is resulting in unsafe or unsound bankingpractices.

2020.1.9.1 Covered Transactions Exemptfrom the Quantitative Limits andCollateral Requirements

Under the rule’s section 223.41, the quantitativelimits (sections 223.11 and 223.12) and the col-lateral requirements (section 223.14) do notapply to the following transactions. The transac-tions are, however, subject to the safety-and-soundness requirement (section 223.13) and theprohibition on the purchase of a low-qualityasset (section 223.15).

2020.1.9.1.1 Parent Institution/SubsidiaryInstitution Transactions

Transactions with an IDI are exempt from thequantitative limits and collateral requirements(section 223.14) if the member bank controls80 percent or more of the voting securities ofthe IDI or the depository institution controls80 percent or more of the voting securities ofthe IDI.

2020.1.9.1.2 Sister-Bank Exemption(section 223.41(b))

Regulation W exempts transactions with an IDIif the same company controls 80 percent ormore of the voting securities of the memberbank and the IDI.62 In addition, the statute pro-

vides that covered transactions between sisterbanks must be consistent with safe and soundbanking practices.63

The sister-bank exemption generally appliesonly to transactions between IDIs.64 The rule’sdefinition of affiliate excludes uninsured deposi-tory institution subsidiaries of a member bank.Covered transactions between a member bankand a parent uninsured depository institution ora commonly controlled uninsured depositoryinstitution, under the rule, generally would besubject to section 23A, whereas covered transac-tions between a member bank and a subsidiaryuninsured depository institution would not besubject to section 23A.65

The sister-bank exemption, by its terms, onlyexempts transactions by a member bank with asister-bank affiliate; hence, the sister-bankexemption cannot exempt a member bank’sextension of credit or other covered transactionto an affiliate that is not a sister bank (even if theextension of credit was purchased from a sisterbank). For example, an IDI purchases fromSister-Bank Affiliate A a loan to Affiliate B in apurchase that qualifies for the sister-bankexemption in section 23A. The IDI’s asset pur-chase from Sister-Bank Affiliate A would be anexempt covered transaction under sec-tion 223.41(b), but the member bank also wouldhave acquired an extension of credit to AffiliateB, which would be a covered transactionbetween the IDI and Affiliate B under sec-tion 223.3(h)(1) that does not qualify for thesister-bank exemption.

2020.1.9.1.3 Purchase of Loans on aNonrecourse Basis from an Affiliated IDI

Banks that are commonly controlled (i.e., atleast 25 percent common ownership) can

61. See 12 U.S.C. 371c(d)

62. Banks that are affiliated in this manner are referred to

as ‘‘sister banks.’’ Sister banks can improve their efficiency

through intercorporate transfers under this exception. Also,

‘‘company’’ in this context is not limited to a bank holding

company. For example, if a retail corporation owns two credit

card banks, the two credit card banks would be sister banks,

and the sister-bank exception could be used for transactions

between two credit card banks.

63. 12 U.S.C. 371c(a)(4).

64. A member bank and its operating subsidiaries are

considered a single unit for purposes of section 23A. Under

the statute and the regulation, transactions between a member

bank (or its operating subsidiary) and the operating subsidiary

of a sister-insured depository institution generally qualify for

the sister-bank exemption.

65. The sister-bank exemption in section 23A does not

allow a member bank to avoid any restrictions on sister-bank

transactions that may apply to the bank under the prompt

corrective-action framework set forth in section 38 of the FDI

Act (12 U.S.C. 1831o) and regulations adopted by the bank’s

appropriate federal banking agency.



purchase loans on a nonrecourse basis. Thisallows chain banks and banks in companies thatare not owned 80 percent by the same com-pany to achieve the same efficiency as sisterbanks. The exemption only applies to thepurchase of loans; other covered transactions,such as extensions of credit, are not exempt.

2020.1.9.1.4 Internal CorporateReorganizations

Section 223.41(d) of the rule provides anexemption for asset purchases by an IDI froman affiliate that is part of a one-time internalcorporate reorganization of a holding com-pany.66 The exemption includes purchases ofassets in connection with a transfer of securitiesissued by an affiliate to an IDI, as described insection 223.31(a).

Under this exemption, an IDI would be per-mitted to purchase assets (other than low-qualityassets) from an affiliate (including in connectionwith an affiliate share transfer that sec-tion 223.31 of the rule treats as a purchase ofassets) that are exempt from the quantitativelimits of section 23A if the following conditionsare met.

First, the purchase must be part of an internalcorporate reorganization of a holding companythat involves the transfer of all or substantiallyall of the shares or assets of an affiliate or of adivision or department of an affiliate. The assetpurchase must not be part of a series of periodic,ordinary-course asset transfers from an affiliateto an IDI.67 Second, the IDI’s holding companymust provide the Board with contemporaneousnotice of the transaction and must commit to theBoard to make the IDI whole, for a period oftwo years, for any transferred assets that becomelow-quality assets.68 Third, a majority of the

IDI’s directors must review and approve thetransaction before consummation. Fourth, thesection 23A value of the covered transactionmust be less than 10 percent of the IDI’s capitalstock and surplus (or up to 25 percent of theIDI’s capital stock and surplus with the priorapproval of the appropriate federal bankingagency) for the IDI. Fifth, the holding companyand all its subsidiary depository institutionsmust be well capitalized and well managed andmust remain well capitalized upon consumma-tion of the transaction.

2020.1.9.2 Other Covered TransactionsExempt from the Quantitative Limits,Collateral Requirements, andLow-Quality-Asset Prohibition

The quantitative limits (sections 223.11 and223.12), the collateral requirements (sec-tion 223.14), and the prohibition on the pur-chase of a low-quality asset (section 223.15) donot apply to the following exempted transac-tions (see section 223.42) and certain condi-tions. The transactions are, however, subject tothe safety-and-soundness requirement (sec-tion 223.13). Detailed conditions or restrictionspertaining to these exemptions are discussedafter this list.

1. Making correspondent banking deposits inan affiliated depository institution (asdefined in section 3 of the FDI Act(12 U.S.C. 1813) or in an affiliated foreignbank that represents an ongoing, workingbalance maintained in the ordinary courseof correspondent business

2. Giving immediate credit to an affiliate foruncollected items received in the ordinarycourse of business

3. Transactions secured by cash or U. S. gov-ernment securities

4. Purchasing securities of a servicing affiliate,as defined by section 4(c)(1) of the BHCAct

66. See 1998 Fed. Res. Bull. 985 and 1013-14.

67. The IDI must provide the Board, as well as the appro-

priate federal agency, a notice that describes the primary

business activities of the affiliate whose shares or assets are

being transferred to the IDI and must indicate the anticipated

date of the reorganization.

68. The holding company can meet these criteria by either

repurchasing the assets at book value plus any write-down

that has been taken or by making a quarterly cash contribution

to the bank equal to the book value plus any write-downs that

have been taken by the bank. The purchase or payment must

be made within 30 days of each quarter end. In addition, if a

cash payment is made, the IDI will hold an amount of risk-

based capital equal to the book value of any transferred assets

that become low-quality so long as the IDI retains ownership

or control of the transferred asset. For example, under this

dollar-for-dollar capital requirement, the risk-based capital

charge for each transferred low-quality loan asset would be

100 percent (equivalent to a 1250 percent risk weight), rather

than the 8 percent requirement (equivalent to a 100 percent

risk weight) that would apply to a similar defaulted loan asset

that is not a part of the transferred asset pool. See the Board’s

letter dated December 21, 2007, to Andres L. Navarette

(Capital One Financial Corp.). Once the capital pool has been

allocated to specific assets as described above, the capital

cannot be applied to other low-quality assets if the initial

low-quality asset returns to performing status. The IDI can

only apply the allocated capital pool to new assets if the initial

assets are fully paid or sold.



5. Purchasing certain liquid assets6. Purchasing certain marketable securities7. Purchasing certain municipal securities8. Purchasing from an affiliate an extension of

credit subject to a repurchase agreementthat was originated by an IDI and sold tothe affiliate subject to a repurchase agree-ment or with recourse

9. Asset purchases from an affiliate by a newlyformed IDI, if the appropriate federal bank-ing agency for the IDI has approved theasset purchase in writing in connection withthe review of the formation of the IDI

10. Transactions approved under the BankMerger Act that involve affiliated IDIs or anIDI and the U.S. branches and agencies of aforeign bank

11. Purchasing, on a nonrecourse basis, anextension of credit from an affiliate undercertain conditions

12. Intraday extensions of credit13. Riskless-principal transactions

2020.1.9.2.1 Correspondent Banking

Section 23A exempts from its quantitative lim-its and collateral requirements a deposit by anIDI in an affiliated IDI or affiliated foreign bankthat is made in the ordinary course of correspon-dent business, subject to any restrictions that theBoard may impose.69 Section 223.42(a) of therule further provides that such deposits mustrepresent ongoing, working balances maintainedby the IDI in the ordinary course of conductingthe correspondent business.70 Although notspecified by section 23A or the Home Owners’Loan Act (HOLA), the rule also provides thatcorrespondent deposits in an affiliated insuredsavings association are exempt if they otherwisemeet the requirements of the exemption.

2020.1.9.2.2 Secured Credit Transactions

Section 23A and section 223.42(c) of the ruleexempt any credit transaction by an IDI with anaffiliate that is ‘‘fully secured’’ by obligations ofthe United States or its agencies, or obliga-tions that are fully guaranteed by the UnitedStates or its agencies, as to principal andinterest.71

A deposit account meets the ‘‘segregated,earmarked’’ requirement only if the accountexists for the sole purpose of securing credittransactions between the member bank and itsaffiliates and is so identified. Under sec-tion 23A, if U.S. government obligations ordeposit accounts are sufficient to fully secure acredit transaction, then the transaction is com-pletely exempt from the quantitative limits ofthe statute. If, however, the U.S. governmentobligations or deposit accounts represent lessthan full security for the credit transaction, thenthe amount of U.S. government obligations ordeposits counts toward the collateral require-ments of section 23A, but no part of the trans-action is exempt from the statute’s quantitativelimits.

The exemption provides that a credit transac-tion with an affiliate will be exempt ‘‘to theextent that the transaction is and remainssecured’’ by appropriate (d)(4) collateral. If anIDI makes a $100 nonamortizing term loan toan affiliate that is secured by $50 of U.S. Trea-sury securities and $75 of real estate, the valueof the covered transaction will be $50. If themarket value of the U.S. Treasury securitiesfalls to $45 during the life of the loan, the valueof the covered transaction would increase to$55. The Board expects IDIs that use thisexpanded (d)(4) exemption to review the marketvalue of their U.S. government obligations col-lateral regularly to ensure compliance with theexemption.

2020.1.10 ASSET PURCHASES FROMAN AFFILIATE—EXEMPTIONS

2020.1.10.1 Purchase of a Security by anInsured Depository Institution from anAffiliate

Section 23A of the FRA restricts the ability ofa member bank to fund its affiliates throughasset purchases, loans, or certain other transac-tions (referred to as ‘‘covered transactions’’).Paragraph (d)(6) of section 23A contains anexemption from the statute (the (d)(6) exemp-tion) for ‘‘purchasing assets having a readilyidentifiable and publicly available market quo-

69. 12 U.S.C. 371c(d)(2).

70. Unlike the sister-bank exemption, the exemption for

correspondent banking deposits applies to deposits placed by

a member bank in an uninsured depository institution or

foreign bank.

71. 12 U.S.C. 371c(d)(4). A partial list of such obligations

can be found in the rules’s section 201.108 (12 C.F.R.

201.108).



tation,’’ if the purchase is at or below suchquotation.72

2020.1.10.2 Purchases of Assets withReadily Identifiable Market Quotes

Section 23A(d)(6) exempts the purchase ofassets by an IDI from an affiliate if the assetshave a ‘‘readily identifiable and publicly avail-able market quotation’’ and are purchased attheir current market quotation. The rule (sec-tion 223.42(e)) limits the availability of thisexemption (the (d)(6) exemption) to purchasesof assets with market prices that are recorded inwidely disseminated publications that are read-ily available to the general public, such as news-papers with a national circulation. Because as ageneral matter only exchange-traded assets arerecorded in such publications, this test hasensured that the qualifying assets are tradedactively enough to have a true ‘‘market quota-tion’’ and that examiners can verify that theassets are purchased at their current market quo-tation. The rule applies if the asset is purchasedat or below the asset’s current marketquotation.73

The (d)(6) exemption may apply to a pur-chase of assets that are not traded on anexchange. In particular, purchases of foreignexchange, gold, and silver, and purchases ofover-the-counter (OTC) securities and deriva-tive contracts whose prices are recorded inwidely disseminated publications, may qualifyfor the (d)(6) exemption.

If an IDI purchases from one affiliate, thesecurities issued by another affiliate, the IDI hasengaged in two types of covered transactions:(1) the purchase of securities from an affiliateand (2) the investment in securities issued by anaffiliate. Under the rule, although the(d)(6) exemption may exempt the one-timeasset purchase from the first affiliate, it wouldnot exempt the ongoing investment in securi-ties being issued by a second affiliate.

2020.1.10.3 Purchasing CertainMarketable Securities

Regulation W provided an additional exemp-tion from section 23A for certain purchases ofsecurities by a member bank from an affiliate.The rule expanded the statutory (d)(6) exemp-tion to allow a member bank to purchase secu-rities from an affiliate based on price quotesobtained from certain electronic services solong as, among other things, the selling affiliateis a broker-dealer registered with the SEC, thesecurities have a ready market and are eligiblefor purchase by state member banks, the securi-ties are not purchased within 30 days of anunderwriting (if an affiliate of the bank is anunderwriter of the securities), and the securitiesare not issued by an affiliate.

2020.1.10.3.1 Broker-Dealer Requirementand Securities Purchases from ForeignBroker-Dealers

Under the Regulation W exemption, the sellingaffiliate must be a broker-dealer securitiesaffiliate that is registered with the Securities andExchange Commission (SEC). Broker-dealersthat are registered with the SEC are subject tosupervision and examination by the SEC andare required by SEC regulations to keep andmaintain detailed records concerning eachsecurities transaction conducted by the broker-dealer. In addition, SEC-registered broker-dealers have experience in determining whethera security has a ‘‘ready market’’ under SECregulations. The rule does not expand theexemption to include securities purchases fromforeign broker-dealers. The rule explicitly pro-vides, however, that an IDI may request that theBoard exempt securities purchases from a par-ticular foreign broker-dealer, and the Boardwould consider these requests on a case-by-casebasis in light of all the facts and circumstances.

2020.1.10.3.2 Securities Eligible forPurchase by a State Member Bank

The exemption requires that the IDI’s purchaseof securities be eligible for purchase by a statemember bank. For example, the Board deter-mined that a member bank may purchase equitysecurities from an affiliate, if the purchase ismade to hedge the member bank’s permissiblecustomer-driven equity derivative transaction.The purchase must be treated as a purchase of asecurity on the Call Report.

72. 12 U.S.C. 371c(d)(6).

73. The rule provides that a U.S. government obligation is

an eligible (d)(6) asset only if the obligation’s price is quoted

routinely in a widely disseminated publication that is readily

available to the general public. Although all U.S. government

obligations have low credit risk, not all U.S. government

obligations trade in liquid markets at a publicly available

market quotation.



2020.1.10.3.3 No Purchases Within 30Days of an Underwriting

The exemption generally prohibits an IDI fromusing the exemption to purchase securities dur-ing an underwriting, or within 30 days of anunderwriting, if an affiliate of the IDI is anunderwriter of the securities. This provisionapplies unless the security is purchased as partof an issue of obligations of, or obligations fullyguaranteed as to principal and interest by, theUnited States or its agencies. The rule includesthe 30-day requirement because of the uncertainand volatile market values of securities duringand shortly after an underwriting period andbecause of the conflicts of interest that mayarise during and after an underwriting period,especially if an affiliate has difficulty selling itsallotment.

2020.1.10.3.4 No Securities Issued by anAffiliate

If an IDI purchases from one affiliate securitiesissued by another affiliate, it would not exemptthe investment in securities issued by the sec-ond affiliate, even though the exemption mayexempt the asset purchase from the first affili-ate. The transaction would be treated as a pur-chase of, or an investment in, securities issuedby an affiliate.

2020.1.10.3.5 Price-Verification Methods

The exemption applies only in situations inwhich the IDI is able to obtain price quotes onthe purchased securities from an unaffiliatedelectronic, real-time pricing service. The Boardreaffirmed its position that it would not beappropriate to use independent dealer quotationsor economic models to establish a market pricefor a security under the (d)(6) exemption. Asecurity that is not quoted routinely in a widelydisseminated news source or a third-party elec-tronic financial network may not trade in asufficiently liquid market to justify allowing anIDI to purchase unlimited amounts of the secu-rity from an affiliate.

2020.1.10.3.6 Record Retention

The rule expressly includes a two-year record-retention and supporting information require-ment that is sufficient to enable the appropriatefederal banking agencies to ensure that the

IDI is in compliance with the terms of theexemption.

2020.1.10.4 Purchasing MunicipalSecurities

Section 223.42(g) of the rule exempts an IDI’spurchase of municipal securities from an affili-ate if the purchase meets certain require-ments.74 First, the IDI must purchase themunicipal securities from a broker-dealer affili-ate that is registered with the SEC. Second, themunicipal securities must be eligible for pur-chase by a state member bank, and the IDImust report the transaction as a securities pur-chase in its Call Report. Third, the municipalsecurities should either be rated by a nationallyrecognized statistical rating organization(NRSRO) or be part of an issue of securitiesthat does not exceed $25 million in size. Fi-nally, the price for the securities purchasedmust be (1) quoted routinely on an unaffiliatedelectronic service that provides indicative datafrom real-time financial networks; (2) verifiedby reference to two or more actual independentdealer quotes on the securities to be purchasedor securities that are comparable to the securi-ties to be purchased; or (3) in the case of secu-rities purchased during the underwriting period,verified by reference to the price indicated inthe syndicate manager’s written summary ofthe underwriting.75 Under any of the three pric-ing options, the IDI must purchase the munici-pal securities at or below the quoted or verifiedprice.

2020.1.10.5 Purchase of Loans on aNonrecourse Basis

Section 223.41(c) of the rule exempts the pur-chase of loans on a nonrecourse basis from an

74. Municipal securities are defined by reference to sec-

tion 3(a)(29) of the Securities Exchange Act. That Act defines

municipal securities as direct obligations of, or obligations

guaranteed as to principal or interest by, a state or agency,

instrumentality, or political subdivision thereof, and certain

tax-exempt industrial development bonds. (See 17 U.S.C.

78c(a)(29).)

75. Under the Municipal Securities Rulemaking Board’s

Rule G-11, the syndicate manager for a municipal bond

underwriting is required to send a written summary to all

members of the syndicate. The summary discloses the aggre-

gate par values and prices of bonds sold from the syndicate

account.



affiliated depository institution. Under sec-tions 23A(d)(6), a member bank may purchaseloans on a nonrecourse basis from an affiliated‘‘bank’’ exempt from the quantitative limita-tions of section 23A, even if the transactionsdoes not qualify for the sister-bank exemp-tion.76 The rule clarifies that the scope of theexemption parallels that of the sister-bankexemption by stating that this exemptionapplies only to a member bank’s purchase of aloan from an affiliated IDI.

2020.1.10.6 Purchases of Assets byNewly Formed Institutions

Section 223.42(i) of the rule exempts a purchaseof assets by a newly formed IDI from an affiliateif the appropriate federal banking agency for theIDI has approved the purchase. This exemptionallows companies to charter a new IDI and totransfer assets to the IDI free of the quantitativelimits and low-quality-asset prohibition of sec-tion 23A.

2020.1.10.7 Transactions Approved underthe Bank Merger Act

The Bank Merger Act exemption applies totransactions between an IDI and a certain IDIaffiliate. Section 223.42(j) exempts transactionsbetween IDIs that are approved pursuant to theBank Merger Act. The rule also makes the BankMerger Act exemption available for merger andother related transactions between an IDI and aU.S. branch or agency of an affiliated foreignbank, if the transaction has been approved bythe responsible federal banking agency pursuantto the Bank Merger Act. There is no regulatoryexemption for merger transactions between anIDI and its nonbank affiliate. Any IDI mergingor consolidating with a nonbank affiliate may beable to take advantage of the regulatory exemp-tion for internal-reorganization transactions con-tained in section 223.41(d) of the rule.

2020.1.11 PURCHASES OFEXTENSIONS OF CREDIT—THEPURCHASE EXEMPTION

Regulation W codified, with changes, theexemption that was previously found at sec-tion 250.250 (12 C.F.R. 250.250). In general,

1. The purchase of an extension of credit on anonrecourse basis from an affiliate is exemptfrom section 23A’s quantitative limits pro-vided that—a. the extension of credit is originated by the

affiliate;b. the IDI makes an independent evaluation

of the creditworthiness of the borrowerbefore the affiliate makes or commits tomake the extension of credit;

c. the IDI commits to purchase the exten-sions of credit before the affiliate makesor commits to the extensions of credit;and

d. the IDI does not make a blanket advancecommitment to purchase extensions ofcredit from the affiliate. (See sec-tion 223.42(k) of the rule.)

2. The rule also includes a 50 percent limit onthe amount of loans an IDI may purchasefrom an affiliate under the purchase exemp-tion. When an IDI purchases more than halfof the extensions of credit originated by anaffiliate, the purchases represent the principalongoing funding mechanism for the affiliate.The IDI’s status as the predominant sourceof financing for the affiliate calls into ques-tion the availability of alternative fundingsources for the affiliate, places significantpressure on the IDI to continue to support theaffiliate through asset purchases, and reducesthe IDI’s ability to make independent creditdecisions with respect to the asset purchases.

3. ‘‘Substantial, ongoing funding’’ test. The ruleallows the appropriate federal bankingagency for an IDI to reduce the 50 percentthreshold prospectively, on a case-by-casebasis, in those situations in which the agencybelieves that the IDI’s asset purchases froman affiliate under the exemption may causeharm to the IDI.

4. Independent credit review by the IDI. Toqualify for the purchase exemption undersection 223.42(k), an IDI must independentlyreview the creditworthiness of the borrowerbefore committing to purchase each loan.Under established Federal Reserve guidance,an IDI is required to have clearly definedpolicies and procedures to ensure that it per-forms its own due diligence in analyzing the

76. See 12 U.S.C. 371c(d)(6).



credit and other risks inherent in a proposedtransaction.77 This function is not delegableto any third party, including affiliates of theIDI. Also, an IDI cannot rely on the stan-dards of a government-sponsored enterprise.Accordingly, to qualify for this exemption,the IDI, independently and using its owncredit policies and procedures, must itselfreview and approve each extension of creditbefore giving a purchase commitment to itsaffiliate.

5. Purchase of loans from an affiliate must bewithout recourse. In connection with an IDI’spurchase of loans from an affiliate, the affili-ate cannot retain recourse on the loans. Therule (section 223.42(k)) specifies that theexemption does not apply in situations wherethe affiliate retains recourse on the loanspurchased by the IDI. The rule also specifiesthat the purchase exemption only applies insituations where the IDI purchases loansfrom an affiliate that were originated by theaffiliate. The exemption cannot be used by anIDI to purchase loans from an affiliate thatthe affiliate purchased from another lender.The exemption is designed to facilitate anIDI’s using its affiliate as an originationagent, not to permit an IDI to take loans offan affiliate’s books that the affiliate pur-chased from a third party.

2020.1.12 OTHER BOARD-APPROVED EXEMPTIONS FROMSECTION 23A

Section 23A gives the Board the authority togrant exemptions from the statute’s restrictionsif such exemptions are ‘‘in the public interestand consistent with the purposes of this section’’(12 U.S.C. 371c(f)(2)). Regulation W includesseveral exemptions that are available to qualify-ing IDIs.

2020.1.12.1 Exemptions andInterpretation from the Attribution Ruleof Section 23A

The attribution rule of section 23A provides that‘‘a transaction by a member institution with anyperson shall be deemed a transaction with anaffiliate to the extent that the proceeds of thetransaction are used for the benefit of, or trans-ferred to, that affiliate’’ (12 U.S.C.

371c(a)(2)). One respective interpretation andthree exemptions are discussed below.

2020.1.12.2 Interpretation—Loans to aNonaffiliate that Purchases Securities orOther Assets Through a DepositoryInstitution Affiliate Agent or Broker

In Regulation W, the Board issued an interpreta-tion (12 C.F.R. 223.26(b)) regarding an IDI’sloan to a nonaffiliate that purchases assetsthrough an institution’s affiliate that is acting asagent. This interpretation confirms that sec-tion 23A of the FRA does not apply to exten-sions of credit an IDI grants to customers thatuse the loan proceeds to purchase a security orother asset through an affiliate of the depositoryinstitution, so long as (1) the affiliate is actingexclusively as an agent or broker in the transac-tion and (2) the affiliate retains no portion of theloan proceeds as a fee or commission for itsservices.

Under this interpretation, the Board con-cluded that when the affiliated agent or brokerretains a portion of the loan proceeds as a fee orcommission, the portion of the loan not retainedby the affiliate as a fee or commission wouldstill be outside the coverage of section 23A.However, the portion of the loan retained by theaffiliate as a fee or commission would be subjectto section 23A because it represents proceeds ofa loan by a depository institution to a third partythat are transferred to, and used for the benefitof, an affiliate of the institution. The Board,however, granted an exemption from sec-tion 23A for that portion of a loan to a thirdparty that an affiliate retains as a market-ratebrokerage or agency fee. (See 12 C.F.R.223.16(c )(2).)

The interpretation would not apply if thesecurities or other assets purchased by the third-party borrower through the affiliate of thedepository institution were issued or underwrit-ten by, or sold from the inventory of, anotheraffiliate of the depository institution. In thatcase, the proceeds of the loan from the deposi-tory institution would be transferred to, andused for the benefit of, the affiliate that issued,underwrote, or sold the assets on a principalbasis to the third party.

The above-mentioned transactions are subjectto the market-terms requirement of section 23B,which applies to ‘‘any transaction in which anaffiliate acts as an agent or broker or receives a

77. See, for example, SR-97-21.



fee for its services to the institution or any otherperson’’ (12 U.S.C. 371c-1(a)(2)(D)). A market-rate brokerage commission or agency fee refersto a fee or commission that is no greater thanthat prevailing at the same time for comparableagency transactions the affiliate enters into withpersons who are neither affiliates nor borrowersfrom an affiliated depository institution. (SeeRegulation W at 12 C.F.R. 223.16(b).)

2020.1.12.3 Exemption—Loans to aNonaffiliate that Purchases Securitiesfrom a Depository Institution SecuritiesAffiliate that Acts as a Riskless Principal

The Board has granted an exemption in Regula-tion W from section 23A of the FRA for exten-sions of credit by an IDI to customers who usethe loan proceeds to purchase a security that isissued by a third party through a broker-dealeraffiliate of the institution that acts as risklessprincipal. The exemption for riskless-principaltransactions would not apply if the broker-dealeraffiliate sold to the third-party borrower securi-ties that were issued or underwritten by, or soldout of the inventory of, an affiliate of the deposi-tory institution. Riskless-principal trades,although the functional equivalent of securitiesbrokerage transactions, involve the purchase ofa security by the depository institution’s broker-dealer affiliate. Accordingly, the broker-dealerretains the loan proceeds at least for somemoment in time.

There is negligible risk that loans that adepository institution makes to borrowers toengage in riskless-principal trades through abroker-dealer affiliate of the depository institu-tion would be used to fund the broker-dealer.For this reason, the Board adopted an exemptionfrom section 23A to cover riskless-principalsecurities transactions engaged in by depositoryinstitution borrowers through broker-dealeraffiliates of the depository institution. Thisexemption is applicable even if the broker-dealer retains a portion of the loan proceeds as amarket-rate markup for executing the riskless-principal securities trade. (See Regulation W at12 C.F.R. 223.16(c)(1) and (2).)

2020.1.12.4 Exemption—DepositoryInstitution Loan to a Nonaffiliate Pursuantto a Preexisting Line of Credit and theProceeds Are Used to Purchase Securitiesfrom the Institution’s Broker-DealerAffiliate

The Board approved an exemption in Regula-tion W from section 23A for loans by an IDI toa nonaffiliate pursuant to a preexisting line ofcredit, in which the loan proceeds are used topurchase securities from a broker-dealer affili-ate. In more detail, the Board exempted exten-sions of credit by an IDI to its customers thatuse the credit to purchase securities from a reg-istered broker-dealer affiliate of the institution,so long as the extension of credit is made pur-suant to, and consistent with any conditionsimposed in, a preexisting line of credit. Thisline of credit should not have been establishedin expectation of a securities purchase from orthrough an affiliate of the institution. The pre-existing requirement is an important safeguardto ensure that the depository institution did notextend credit for the purpose of inducing a bor-rower to purchase securities from or issued byan affiliate. The preexisting line of exemptionmay not be used in circumstances in which theline has merely been preapproved. (See Regu-lation W at 12 C.F.R. 223.16(c)(3).)

2020.1.12.5 Exemption—Credit CardTransactions

Regulation W also provides an exemption fromsection 23A’s attribution rule for general-purpose credit card transactions that meetcertain criteria. (See section 223.16(c)(4).) Therule defines a general-purpose credit card as acredit card issued by a member institution thatis widely accepted by merchants that are notaffiliates of the institution (such as a Visa cardor Mastercard) if less than 25 percent of theaggregate amount of purchases with the card arepurchases from an affiliate of the institution.Extensions of credit to unaffiliated borrowerspursuant to special-purpose credit cards (that is,credit cards that may only be used or aresubstantially used to buy goods from an affili-ate of the member institution) are subject to therule.

The credit card exemption includes severaldifferent methods that are provided for a mem-ber institution to demonstrate that its credit cardmeets the 25 percent test. First, if a memberinstitution has no commercial affiliates (otherthan those permitted for an FHC under section 4



of the BHC Act), the institution would bedeemed to satisfy the 25 percent test if theinstitution has no reason to believe that it wouldfail the test. (A member institution could usethis method of complying with the 25 percenttest even if, for example, the institution’s FHCcontrols, under section 4(a)(2), 4(c)(2), or4(k)(4)(H) of the BHC Act, several companiesengaged in nonfinancial activities.) Such a mem-ber institution would not be obligated to estab-lish systems to verify strict, ongoing compliancewith the 25 percent test. Most BHCs and FHCsshould meet this test. If an IDI has commercialaffiliates (beyond those permitted for an FHCunder section 4 of the BHC Act), the institutionwould be deemed to satisfy the 25 percent testif—

1. the institution establishes systems to verifycompliance with the 25 percent test on anongoing basis and periodically validates itscompliance with the test or

2. the institution presents information to theBoard demonstrating that its card wouldcomply with the 25 percent test. (One waythat a member institution could demonstratethat its card would comply with the 25 per-cent test would be to show that the total salesof the institution’s affiliates are less than25 percent of the total purchases bycardholders.)

Second, for those member institutions thatfall out of compliance with the 25 percent test,there is a three-month grace period to return tocompliance before extensions of credit underthe card become covered transactions. Third,member institutions that are required to validatetheir ongoing compliance with the 25 percenttest have a fixed method, time frames, andexamples for computing compliance.

Example of calculating compliance with the25 percent test. A member institution seeks toqualify a credit card as a general-purpose creditcard under section 223.16, paragraph(c)(4)(ii)(A), of the rule. The member institu-tion assesses its compliance under paragraph(c)(4)(iii) of this section on the 15th day ofevery month (for the preceding 12 calendarmonths). The credit card qualifies as a general-purpose credit card for at least three consecu-tive months. On June 15, 2008, however, themember institution determines that, for the 12-calendar-month period from June 1, 2007,through May 31, 2008, 27 percent of the totalvalue of products and services purchased withthe card by all cardholders were purchases ofproducts and services from an affiliate of the

member institution. Unless the credit cardreturns to compliance with the 25 percent limitby the 12-calendar-month period endingAugust 31, 2008, the card will cease to qualifyas a general-purpose credit card as ofSeptember 1, 2008. Any outstanding exten-sions of credit under the credit card that wereused to purchase products or services from anaffiliate of the member institution wouldbecome covered transactions at such time.

2020.1.13 AN IDI’S ACQUISITION OFAN AFFILIATE THAT BECOMES ANOPERATING SUBSIDIARY

Section 223.31 (a)-(c) of the rule providesguidance to an IDI that acquires an affiliate. Thefirst situation is when an IDI directly purchasesor otherwise acquires the affiliate’s assets andassumes the affiliate’s liabilities. In this case, thetransaction is treated as a purchase of assets, andthe covered-transaction amount is equal to theamount of any consideration paid by the IDI forthe affiliate’s assets (if any) plus the amount ofany liabilities assumed by the IDI in thetransaction.

Regulation W provides that the acquisition byan IDI of a company that was an affiliate of theIDI before the acquisition is treated as a pur-chase of assets from an affiliate if (1) as a resultof the transaction, the company becomes anoperating subsidiary of the IDI and (2) the com-pany has liabilities, or the IDI gives cash or anyother consideration in exchange for the securi-ties. The rule also provides that these transac-tions must be valued initially at the sum of(1) the total amount of consideration given bythe IDI in exchange for the securities and (2) thetotal liabilities of the company whose securitieshave been acquired by the IDI. In effect, the rulerequires IDIs to treat such share donations andpurchases in the same manner as if the IDI hadpurchased the assets of the transferred companyat a purchase price equal to the liabilities of thetransferred company (plus any separate consid-eration paid by the IDI for the shares). See12 C.F.R. 223.31.

Similarly, when an affiliate donates a control-ling block of an affiliate’s shares to an IDI, acovered transaction occurs if the affiliate hasliabilities that the IDI assumes. For example, theparent holding company of an IDI contributesbetween 25 percent and 100 percent of the vot-ing shares of a mortgage company to the IDI.



The parent holding company retains no sharesof the mortgage company. The IDI gives noconsideration in exchange for the transferredshares. The mortgage company has total assetsof $300,000 and total liabilities of $100,000.The mortgage company’s assets do not includeany loans to an affiliate of the IDI or any otherasset that would represent a separate coveredtransaction for the IDI upon consummation ofthe share transfer. As a result of the transaction,the mortgage company becomes an operatingsubsidiary of the IDI. The transaction is treatedas a purchase of the assets of the mortgagecompany by the IDI from an affiliate underparagraph (a) of section 223.31. The IDI ini-tially must value the transaction at $100,000,the total amount of the liabilities of the mort-gage company. Going forward, if the memberbank pays off the liabilities, the member bankmust continue to value the covered transactionat $100,000. However, if the member bank sells$15,000 of the transferred assets of the mort-gage company or if $15,000 of the transferredassets amortize, the IDI may value the coveredtransaction at $85,000.

A similar situation is when an IDI acquires anaffiliate by merger. Because a merger with anaffiliate generally results in the IDI’s acquiringall the assets of the affiliate and assuming all theliabilities of the affiliate, this transaction is effec-tively equivalent to the purchase and assump-tion transaction described in the previous para-graph. Accordingly, the merger transaction alsois treated as a purchase of assets, and thecovered-transaction amount is equal to theamount of any consideration paid by the IDI forthe affiliate’s assets (if any) plus the amount ofany liabilities assumed by the IDI in thetransaction.78

The assets and liabilities of an operating sub-sidiary of an IDI are treated in the rule asassets and liabilities of the IDI itself for pur-poses of section 23A.79 The rule only imposesasset-purchase treatment on affiliate sharetransfers when the company whose shares are

being transferred to the IDI was an affiliate ofthe IDI before the transfer. If the transferredcompany was not an affiliate before the trans-fer, it would not be appropriate to treat theshare transfer as a purchase of assets from anaffiliate. Similarly, the rule only requires asset-purchase treatment for affiliate share transferswhen the transferred company becomes a sub-sidiary and not an affiliate of the IDI throughthe transfer.

If an IDI purchases, or receives a donation, ofa partial interest in an entity that remains anaffiliate, that transaction is treated as a purchaseof, or investment in securities issued by anaffiliate. This type of transaction is valuedaccording to its purchase price or carrying value.(See 12 C.F.R. 223.23.)

2020.1.14 STEP-TRANSACTIONEXEMPTION (SECTION 223.31(d)AND (e))

Under section 223.31(d) of the rule, an exemp-tion is provided for certain step transactions thatare treated as asset purchases under sec-tion 223.31(a) when an affiliate owned the trans-ferred company for a limited period of time.Regulation W provides an exemption when acompany acquires the stock of an unaffiliatedcompany and, immediately after consummationof the acquisition, transfers the shares of theacquired company to the holding company’ssubsidiary IDI. For example, a bank holdingcompany acquires 100 percent of the shares ofan unaffiliated leasing company. At that time,the subsidiary IDI of the holding company noti-fies its appropriate federal banking agency andthe Board of its intent to acquire the leasingcompany from its holding company. On the dayafter consummation of the acquisition, the hold-ing company transfers all of the shares of theleasing company to the IDI. No material changein the business or financial condition of theleasing company occurs between the time of theholding company’s acquisition and the IDI’sacquisition. The leasing company has liabilities.The leasing company becomes an operating sub-sidiary of the IDI at the time of the transfer. Thistransfer by the holding company to the IDI,although deemed an asset purchase by the IDIfrom an affiliate under paragraph (a) of sec-tion 223.31, would qualify for the exemption inparagraph (d) of section 223.31.

The rule exempts these ‘‘step’’ transactionsunder certain conditions. First, the IDI mustacquire the target company immediately afterthe company became an affiliate (by being

78. As noted, section 223.3(dd) of the rule makes explicit

the Board’s view that these merger transactions generally

involve the purchase of assets by a member bank from an

affiliate.

79. Because an IDI usually can merge a subsidiary into

itself, transferring all the shares of an affiliate to an IDI often

is functionally equivalent to a transaction in which the bank

directly acquires the assets and assumes the liabilities of the

affiliate. In a direct acquisition of assets and assumption of

liabilities, the covered-transaction amount would be equal to

the total amount of liabilities assumed by the IDI.



acquired by the bank’s holding company, forexample). The IDI must acquire the entireownership position in the target company thatits holding company acquired. Also, there mustbe no material change in the business or finan-cial condition of the target company during thetime between when the company becomes anaffiliate of the IDI and when the IDI is in receiptof the company. Finally, the entire transactionmust comply with the market-terms require-ment of section 23B, and the IDI must notify itsappropriate federal banking agency and theBoard, at or before the time that the target com-pany becomes an affiliate of the IDI, of its intentultimately to acquire the target company.

Regulation W requires that the IDI consum-mate the step transaction immediately to ensurethe quality and fairness of the transaction. Tothe extent that the IDI acquires the target com-pany some time after the company becomes anaffiliate, the transaction looks less like a singletransaction in which the IDI acquires the targetcompany and more like two separate transac-tions, the latter of which involves the IDI acquir-ing assets from an affiliate.

The Board recognized, however, that bank-ing organizations may need a reasonableamount of time to address legal, tax, and busi-ness issues relating to an acquisition. Regula-tion W thus permits IDIs to avail themselves ofthe step-transaction exemption if the IDIacquires the target company within threemonths after the target company becomes anaffiliate so long as the appropriate federal bank-ing agency for the IDI has approved the longertime period.

The 100 percent ownership requirement (thatthe IDI must acquire the entire ownership posi-tion in the target company that its holding com-pany acquired) prevents a holding companyfrom keeping the good assets of the target com-pany and transferring the bad assets to the hold-ing company’s subsidiary IDI. If a bankingorganization cannot meet the terms of the step-transaction exemption, the organization may beable to satisfy the conditions of the rule’sinternal-corporate-reorganization exemption ormay be able to obtain a case-by-case exemptionfrom the Board.

2020.1.14.1 Application of Sections 23Aand 23B of Subpart G to U.S. Branchesand Agencies of Foreign Banks

2020.1.14.1.1 Applicability of Sections23A and 23B to Foreign Banks Engagedin Underwriting Insurance, Underwritingor Dealing in Securities, MerchantBanking, or Insurance CompanyInvestment in the United States.

By its terms, sections 23A and 23B of the FRAdo not apply to the U.S. branches, agencies, orcommercial lending offices of foreign banks.The Board, however, used the authority grantedto it by the Gramm-Leach-Bliley Act to imposerestrictions on transactions between thebranches, agencies, and lending offices and anyaffiliate of the foreign bank that operates in theUnited States in order to ensure that such trans-actions met certain prudential standards and pro-vided competitive equality with U.S. bankingorganizations. The Board accomplished thesegoals by imposing the definition of affiliateswithin sections 23A and 23B on transactionsbetween the branches, agencies, and lendingoffices and those affiliates if the company is also

1. directly engaged in the United States in cer-tain activities. These activities are significantbecause a U.S. bank cannot engage in theseactivities directly or through an operatingsubsidiary and the 23A and 23B limitationshelp ensure competitive equality betweenU.S. banks and foreign banks. These activi-ties are as follows:• Insurance underwriting pursuant to sec-

tion 4(k)(4)(B) of the Bank Holding Com-pany Act (12 U.S.C. 1843(k)(4)(B));

• Securities underwriting, dealing, or mar-ket making pursuant to section 4(k)(4)(E)of the Bank Holding Company Act (12USC 1843(k)(4)(E));

• Merchant banking activities pursuant tosection 4(k)(4)(H) of the Bank HoldingCompany Act (12 USC 1843(k)(4)(H))(but only to the extent that the proceeds ofthe transaction are used for the purpose offunding the affiliate’s merchant bankingactivities);

• Insurance company investment activitiespursuant to section 4(k)(4)(I) of the BankHolding Company Act (12 USC1843(k)(4)(I)); or



• Any other activity designated by theBoard.

2. a portfolio company (as defined in the mer-chant banking subpart of Regulation Y (12CFR 225.177(c)) controlled by the foreignbank or an affiliate of the foreign bank or acompany that would be an affiliate of thebranch, agency, or commercial lending com-pany of the foreign bank under paragraph(a)(9) of section 223.2 if such branch,agency, or commercial lending companywere a member bank; or

3. a subsidiary of an affiliate as described inparagraph (b)(1) or (2) of section 223.61.

Regulation W also provides that for purposes ofsubpart G, the “capital stock and surplus” of aU.S. branch, agency, or commercial lendingcompany of a foreign bank will be determinedby reference to the capital of the foreign bank ascalculated under its home-country capital stan-dards.

2020.1.15 SECTION 23B OF THEFEDERAL RESERVE ACT

Section 23B of the FRA became law onAugust 10, 1987, as part of the CompetitiveEquality Banking Act of 1987. This section alsoregulates transactions with affiliates. Section23B applies to any covered transaction with anaffiliate, but excludes banks from the term‘‘affiliate’’ as that term is defined in section 23A.

Regulation W, subpart F, sets forth the princi-pal restrictions of section 23B. These include(1) a requirement that most transactions betweenan IDI and its affiliates be on terms and circum-stances that are substantially the same as thoseprevailing at the time for comparable transac-tions with nonaffiliates; (2) a restriction on anIDI’s purchase, as fiduciary, of assets from anaffiliate unless certain criteria are met; (3) arestriction on an IDI’s purchase, during the exis-tence of an underwriting syndicate, of any secu-rity if a principal underwriter of the security isan affiliate; and (4) a prohibition on publishingan advertisement or entering into an agreementstating that an IDI will be responsible for theobligations of its affiliates. For the most part,subpart F restates the operative provisions ofsection 23B.

The following transactions with affiliates arecovered by section 23B:

1. Any covered transaction with an affiliate.2. The sale of securities or other assets to an

affiliate, including assets subject to an agree-ment to repurchase.

3. The payment of money or the furnishing ofservices to an affiliate under contract, lease,or otherwise.

4. Any transaction in which an affiliate acts asan agent or broker or receives a fee for itsservices to the institution or to any otherperson.

5. Any transaction or series of transactions witha nonaffiliate if an affiliate• has a financial interest in the third party

or• is a participant in the transaction or series

of transactions.

Any transaction by an IDI or its subsidiary withany person is deemed to be a transaction with anaffiliate of the institution if any of the proceedsof the transaction are used for the benefit of, ortransferred to, the affiliate. An IDI and its sub-sidiaries may engage in transactions covered bysection 23B of the FRA, but only on terms andunder certain circumstances, including creditstandards, that are substantially the same or atleast as favorable to the institution as thoseprevailing at the time for comparable transac-tions with or involving nonaffiliated companies.If comparable transactions do not exist, thetransaction must be on terms and under circum-stances, including credit standards, that in goodfaith would be offered to or applied to nonfinan-cial companies.

Section 23B restricts the following transac-tions with affiliates:

1. An IDI or its subsidiary cannot purchase asfiduciary any securities or other assets fromany affiliate unless the purchase is permitted(1) under the instrument creating the fidu-ciary relationship, (2) by court order, or(3) by law of the jurisdiction creating thefiduciary relationship.

2. An IDI or its subsidiary, whether acting asprincipal or fiduciary, cannot knowingly pur-chase or acquire, during the existence of anyunderwriting or selling syndicate, any secu-rity if a principal underwriter of that securityis an affiliate of the institution. This limita-tion applies unless the purchase or acquisi-tion of the security has been approved beforeit is initially offered for sale to the public bya majority of the directors of the institution.The purchase should be based on a determi-nation that it is a sound investment for theinstitution, irrespective of the fact that an



affiliate is a principal underwriter of thesecurities.

2020.1.15.1 Transactions Exempt fromSection 23B of the Federal Reserve Act

The market-terms requirement of section 23Bapplies to, among other transactions, any ‘‘cov-ered transaction’’ between an IDI and an affili-ate.80 Section 23B(d)(3) makes clear that theterm ‘‘covered transaction’’ in section 23B hasthe same meaning as the term ‘‘covered transac-tion’’ in section 23A, but does not include anytransaction that is exempt under section 23A(d).For example, transactions between sister banksand IDIs that are part of a chain banking organi-zation are exempt from section 23B;81 Alsoexempt are transactions that are fully secured bya deposit account or U.S. government obliga-tions, and purchases of assets from an affiliate ata readily identifiable and publicly available mar-ket quotation.82 Consistent with the statute,Regulation W’s section 223.52(a)(1) exemptsfrom section 23B any transaction that is exemptunder section 23A(d).83

The rule also excludes from section 23B anycovered transaction that is exempt from sec-tion 23A under section 223.42(i) or (j) (that is,asset purchases by a newly formed IDI andtransactions approved under the Bank MergerAct). The Board excluded from section 23B thisadditional set of transactions because, in eachcase, the appropriate federal banking agency forthe IDI involved in the transaction should ensurethat the terms of the transaction are not unfavor-able to the IDI.

2020.1.15.2 Purchases of Securities forWhich an Affiliate Is the PrincipalUnderwriter

The GLB Act amended section 23B to permit anIDI to purchase securities during an underwrit-ing conducted by an affiliate if the followingtwo conditions are met. First, a majority of thedirectors of the IDI (with no distinction drawnbetween inside and outside directors) must

approve the securities purchase before the secu-rities are initially offered to the public. Second,such approval must be based on a determinationthat the purchase would be a sound investmentfor the IDI regardless of the fact that an affiliateof the IDI is a principal underwriter of thesecurities.84 Section 223.53(b) includes thisstandard and clarifies that if an IDI proposes tomake such a securities purchase in a fiduciarycapacity, then the directors of the IDI must basetheir approval on a determination that the pur-chase is a sound investment for the person onwhose behalf the IDI is acting as fiduciary.

An IDI may satisfy this director-approvalrequirement by obtaining specific prior directorapproval of each securities acquisition other-wise prohibited by section 23B(b)(1)(B). Therule clarifies, however, that an IDI also satisfiesthis director-approval requirement if a majorityof the IDI’s directors approve appropriate stan-dards for the IDI’s acquisition of securities oth-erwise prohibited by section 23B(b)(1)(B), andeach such acquisition meets the standards ad-opted by the directors. In addition, a majorityof the IDI’s directors must periodically reviewsuch acquisitions to ensure that they meet thestandards and must periodically review thestandards to ensure they meet the ‘‘soundinvestment’’ criterion of section 23B(b)(2). Theappropriate period of time between reviewswould vary depending on the scope and natureof the IDI’s program, but such reviews shouldbe conducted by the directors at least annually.Before the passage of the GLB Act, Board staffinformally allowed IDIs, based on the legisla-tive history of section 23B, to meet thedirector-approval requirement in this fashion,and there is no indication that Congress in theGLB Act intended to alter the procedures that amember bank could use to obtain the requisitedirector approval. The rule codifies staff’s pre-existing approach to the director-approvalrequirement.

2020.1.15.3 Definition of Affiliate underSection 23B

Section 23B states that the term ‘‘affiliate’’under section 23B has the meaning given tosuch terms in section 23A, except that the term‘‘affiliate’’ under section 23B does not include a‘‘bank,’’ as defined in section 23A. In the case

80. 12 U.S.C. 371c-1(a)(2)(A).

81. Although transactions between banks are exempt from

section 23B, the safety-and-soundness provisions of sec-

tion 23A(a)(4) apply and generally require that transactions be

conducted on terms similar to those terms and standards

outlined in section 23B.

82. 12 U.S.C. 371c-1(d)(3).

83. Regulation W will again be subsequently referred to as

the ‘‘rule’’ or by its specified section-numbered discussion of

section 23B provisions.

84. See 12 U.S.C. 371c-1(b)(2).



of the sister-bank exemption, the rule’s sec-tion 223.2(c) clarifies that the only companiesthat qualify for the ‘‘bank’’ exception to sec-tion 23B’s definition of affiliate are IDIs.

2020.1.15.4 Advertising and GuaranteeRestriction

In section 23B(c), the ‘‘advertising restriction’’prohibits an IDI from publishing any advertise-ment or entering into any agreement stating orsuggesting that the IDI shall in any way beresponsible for the obligations of its affiliates.Regulation W clarifies this restriction to permitsuch guarantees and similar transactions if thetransaction satisfies the quantitative and collat-eral restrictions of section 23A. The rule alsoclarifies that section 23B(c) does not prohibit anIDI from making reference to such a guarantee,acceptance, or letter of credit in a prospectus orother disclosure document, for example, if oth-erwise required by law.

2020.1.16 INSPECTION OBJECTIVES

1. To analyze and assess the financial impactof transactions (including loans and pur-chases of assets) between the IDIs and theirsubsidiaries and all affiliates.

2. To ascertain if all:a. credit transactions are properly secured;

andb. covered transactions are consistent with

the quantitative limits of section 23A.3. To ascertain whether the IDIs are calculat-

ing credit exposure resulting from deriva-tives and securities borrowing and lendingtransactions. Also, to ascertain that anycredit exposure is secured.

4. To determine if an IDI has engaged in atransaction with a third party when the pro-ceeds are used for the benefit of, or trans-ferred to, an affiliate.

5. To determine if an IDI has procedures forallowing intraday credit.

6. To determine whether covered transactionsbetween a subsidiary IDI (and its subsidi-aries), its holding company, and other affili-ates are conducted consistent with the quan-titative and collateral requirements ofsections 23A and 23B of the FRA andRegulation W.

7. To determine if transactions between a sub-

sidiary IDI and its affiliates in the holdingcompany are on terms and conditions andunder circumstances, including credit stan-dards, are consistent with safe and soundbanking practices and whether the termsand conditions of the transactions are thesame as those that would be offered orapplied to nonaffiliated companies.

8. To determine whether a subsidiary IDI orits subsidiarya. has purchased low-quality assets orb. has purchased, as fiduciary, any securi-

ties or other assets from an affiliate in theholding company.

9. To determine whether a subsidiary IDI, orany subsidiary or affiliate of the IDI, haspublished any advertisement or has enteredinto any agreement that states or suggeststhat it will, in any way, be responsible forthe obligations of affiliates.

10. To determine if securities were purchasedor acquired by the subsidiary IDI or itssubsidiaries from an underwriting or sellingsyndicate affiliated with the IDI and, if so, ifthe majority of outside directors of the IDIapproved the purchase or acquisition ofsecurities before they were offered for saleto the public.

11. To confirm that the subsidiary IDI or itssubsidiary has not purchased as fiduciaryany securities or other assets from a non-bank affiliate in the holding companyunless the purchase was permitted inaccordance with the instrument creatingthe fiduciary relationship, by court order,or by the law governing the fiduciaryrelationship.

12. To ascertain if any subsidiary IDI (or itssubsidiary) had knowingly purchased oracquired any security from an affiliate inwhich the principal underwriter of thatsecurity was a nonbank affiliate within theholding company organization.

13. To determine if the subsidiary IDI and itssubsidiaries have conducted transactionswith their parent holding company or anyother company affiliated in the holdingcompany organization that are not incompliance with the restrictions in sec-tions 23A and 23B of the FRA or Regula-tion W.

2020.1.17 INSPECTION PROCEDURES

1. During the pre-inspection, perform the fol-lowing activities:a. Review examination reports of sub-



sidiary IDIs for comments on loans toaffiliates, intercompany transactions,other transactions with affiliates, andviolations of the restrictions of sec-tions 23A or 23B of the FRA, or Regula-tion W.

b. Review the most current FR Y-8 (TheBank Holding Company Report ofInsured Depository Institutions’ Section23A Transactions with Affiliates).

2. In the officer’s questionnaire, request a listof subsidiary IDIs and their subsidiaries’transactions with affiliates since the previ-ous inspection, including the amounts,types, and any collateral, consisting of—

a. loans or extensions of credit to an affili-ate, and purchases of extensions of creditfrom an affiliate;

b. a purchase or sale of an investment insecurities issued by, or sold to, the affili-ate, or purchase or sale of other assets,including assets subject to an agreementto repurchase;

c. the acceptance of securities or other debtinstrument issued by the affiliate as col-lateral security for a loan or extension ofcredit;

d. the issuance of a guarantee, acceptance,or letter of credit, including an endorse-ment or standby letter of credit on behalfof an affiliate;

e. a transaction with an affiliate thatinvolves the borrowing or lending ofsecurities, to the extent that the transac-tion causes an IDI or a subsidiary tohave credit exposure to the affiliate;

f. a derivative transaction, as defined in 12U.S.C. 84(b), with an affiliate, to theextent that the transaction causes an IDIor a subsidiary to have credit exposure tothe affiliate.

g. the payment of money or the furnishingof services to an affiliate under contract,lease, or otherwise;

h. transactions in which an affiliate acts asagent or broker or receives a fee for itsservices to the bank or to any otherperson;

i. any transaction or series of transactionswith a third party if—

(1) the affiliate has a financial interest inthe third party or

(2) the affiliate is a participant in suchtransactions; and

j. Any transaction by a subsidiary bank orits subsidiary with any person, if theproceeds of that transaction are used for

the benefit of, or transferred to, theaffiliate.

3. During the BHC’s inspection, perform thefollowing activities:

a. Review the bank holding company’spolicies and procedures regarding inter-company transactions of subsidiarybanks.

b. Determine if the substantive transactionsof the holding company organizationcomply with the restrictions on transac-tions with affiliates in sections 23A and23B of the FRA and Regulation W.

c. Verify that covered transactions countagainst Regulation W’s limits and arecollateralized when required.

(1) Ensure that covered transactions areproperly valued and adequatelycollateralized;

(2) Review collateral documentation toensure that a lien is adequately per-fected and prioritized.

(3) Review all related documentation,terms, conditions, and circumstancesfor each transaction, including anyresolutions for securities purchased(or established standards for securi-ties purchased from affiliates).

(4) Determine the purpose and use ofthe transaction’s proceeds.

d. Review all outstanding guarantees,endorsements, or pledge agreements bythe bank to support the affiliates’borrowings.

e. Review, on a test-sample basis, adver-tisements and written agreements toascertain whether the bank or any sub-sidiary or affiliate of the bank has statedor suggested that it shall be responsiblefor the obligations of any affiliates in theholding company organization.

f. If the BHC engages in derivative trans-actions with affiliates, review the BHC’spolicies and procedures to determine ifcredit limits, collateral restrictions, andother limitations (each affiliate and allaffiliates combined) have been imposedon interaffiliate derivative transaction(IDI) exposures to affiliates.

(1) Determine if the limits are similar tothose imposed on nonaffiliatedcounterparties.

g. Review the listed transactions of theBHC or its subsidiary with the affiliatesthat the IDI claims are exempt under



12 C.F.R. 223.42(k) provided in responseto the officer’s questionnaire (item 2).Determine if

(1) extensions of credit, and purchasesof extensions of credit, are supportedby independent credit evaluationsand if advance loan commitmentsare provided before the affiliatesmake loans;

(2) no blank advance purchase commit-ments exist to purchase loans; and

(3) the purchases meet the quantitativerestrictions of the exemption.

4. Give additional attention to the followingproblems involving the BHC and itssubsidiaries:

a. The subsidiary IDI would not have madethe loan or would not have made theloan with such favorable terms and con-ditions, or engaged in any other coveredtransaction, except for the parent holdingcompany’s insistence due to the affiliaterelationship.

b. The IDI’s condition is weakened due tothe extension of credit or the nature ofthe transaction with the affiliate.

c. The affiliate has not provided adequatequalifying collateral to support the loanor extension of credit provided by thesubsidiary IDI.

d. The IDI does not have a perfected secu-rity interest in the collateral.

e. The loan, extension of credit, or transac-tion with an affiliate is not in compliancewith the limits and restrictions in sec-tions 23A or 23B of the FRA or Regula-tion W.

f. Purchases of low-quality assets by a sub-sidiary bank or its subsidiaries from anaffiliate, unless previously exempted bythe Board’s Regulation W, Board order,or unless the IDI subsidiary or subsidiaryaffiliate, pursuant to an independentcredit evaluation, had committed itself topurchase the low-quality assets beforethe time such asset was acquired by theaffiliate.

g. During the existence of any underwritingor selling syndicate, a subsidiary IDI orits subsidiary has purchased or acquireda security from an IDI affiliate or bankholding company affiliate, including anaffiliated broker-dealer, and the principalunderwriter of that security is an affiliateof the IDI.

h. The purchase or acquisition of securities(1) was not approved by a majority ofthe outside board of directors before theIDI’s securities were offered for sale tothe public and (2) was not, in the absenceof comparable transactions, on terms andunder circumstances, including creditstandards, that in good faith would havebeen offered to, or would have appliedto, nonaffiliated companies.

i. The existence of advertisements oragreements that state or suggest that theIDI, its subsidiaries, or affiliate will beresponsible for the obligations of itsaffiliates.

5. Review any checking accounts and IDIstatements to check for overdrafts the par-ent company or any of its nonbank subsidi-aries may have with a subsidiary IDI.

6. Review the accounts payable to the sub-sidiary IDI and other accounts payableaccounts for servicers, contractors, lessors,and other affiliates to determine if theyarose as the equivalent of an extension ofcredit, purchase of securities or other assets,or as a liability to third parties. Ascertainwhether those transactions were listed inresponse to the officer’s questionnaire andwhether the transactions were inaccordance with the restrictions in sec-tions 23A and 23B of the FRA and Regula-tion W.

7. Review the accounts receivable from thesubsidiary IDI and other accounts receiv-able of other affiliates for sales of securi-ties or other assets and for the payment ofmoney or the furnishing of services.Ascertain whether those transactions werereported in response to an officer’squestionnaire and whether they are inaccordance with section 23A and 23B ofthe FRA’s and Regulation W’s restrictionsplaced on transactions with affiliates.

8. Ascertain if the IDI’s credit limits, collat-eral requirements, and monitoring of itsexposures to affiliates are at least as strict asthose it imposes on unaffiliated companies.

9. Determine if the IDI has policies and proce-dures to monitor and control its intradaycredit exposure to each affiliate and to allaffiliates in the aggregate.

10. Determine if the IDI’s intraday extensionsof credit to affiliates are on comparablemarket terms and if they comply with sec-tion 23B of the FRA.

11. Review all other transactions that the hold-ing company organization has engaged inwith its affiliated IDIs and their subsidi-



aries, including lease arrangements, todetermine whether they are subject to therestrictions in sections 23A and 23B andRegulation W, and, if so, whether they arein compliance.

12. Discuss the findings with appropriate seniormanagement and, if the findings are signifi-cant, the board of directors.

13. Determine management’s corrective actionsregarding any comments raised by thebank’s primary regulator in an examinationreport.a. If violations are disclosed in a subsidiary

bank’s examination report or during aninspection of the holding company, theexaminer may criticize management on

the “Examiner’s Comments and MattersRequiring Special Board Attention” pageor section of the inspection report forcausing the bank to be in violation or forengaging in unsafe and unsound prac-tices.

b. If loans to or transactions with affiliateswithin the holding company organiza-tion appear to adversely affect a subsidi-ary bank, request management’s assess-ment of such effects and its rationale forthe transactions. Use of the “Examiner’sComments and Matters Requiring Spe-cial Board Attention” report page or sec-tion may be appropriate.



2020.1.18 LAWS, REGULATIONS, INTERPRETATIONS, AND ORDERS

Subject Laws 1 Regulations 2 FRRS 3 Orders

Regulation W 223

Treatment of transactionswith financial subsidiaries ofbanks

371c(e), FRAsection 23A

208.73(d) 3-383.1

Limitations on amount—loans secured by paper eli-gible for rediscount or pur-chase by a Federal ReserveBank

371c, FRAsection 23A(c)

223.14(b)(i)(C)

Applicability to FDIC-insured banks

1828(j), FDIAsection 18(j)

1-398

Restrictions on transactionswith affiliates

371c-1, FRAsection 23B

3-1116

Market terms requirement—derivative transactions withaffiliates

223.33

Intraday extensions of creditby insured depository insti-tutions to their affiliates

223.42(l)

Exemptions-loans andextensions of credit bymember bank to a thirdparty

223.16(c)(3)

Securities issued by anaffiliate cannot be used ascollateral for a loan to anyaffiliate

1813, Dodd-FrankAct371c(c)(4)

Credit exposure resultingfrom a derivative transactionwith an affiliate is a coveredtransaction

371c(b)(7)(G)

1. 12 U.S.C., unless specifically stated otherwise.

2. 12 C.F.R., unless specifically stated otherwise.

3. Federal Reserve Regulatory Service reference.



Intercompany Transactions(Loan Participations) Section 2020.2

WHAT’S NEW IN THIS REVISEDSECTION

Effective July 2010, this section was revised toinclude a cross reference to section 2010.2.7 ofthis manual, which discusses loan participa-tions. References in the table of Laws, Regula-tions, Interpretations, and Orders have alsobeen updated.

It is common practice for a bank to sell to orplace with other banks loans that the bank itselfhas made to its customers. A loan participationis a share or part of a loan which entitles theholder to a pro rata share of the income deter-mined by the extent of the holder’s contributionto the original loan and a preference orderingfor repayment. Such loans may be sold outrightwithout liability to the selling bank in case ofdefault by the borrower, or they may be soldwith terms granting the purchasing bankrecourse to the selling bank should the loansbecome uncollectible. Sales to or placement ofloans with other banks are for the accommoda-tion of either the selling or purchasing bank andare arranged for purposes of increasing the rateof return when loan rates differ between banks,achieving diversification of loans by type, andaltering liquidity positions. It is also commonpractice for banks to sell or place with otherbanks those portions of individual loans thatwould be in excess of the bank’s legal lendinglimit (overlines) if the total loan were retained.Participations of this type should be placedwithout recourse as a matter of prudent bankingpractice; otherwise, the purpose of compliancewith the legal lending limitations would bedefeated in the event of default. See section2010.2.7 of this manual for supervisory andaccounting guidance regarding a BHC’s orbank’s use, purchase, or sale of loan participa-tion agreements.

Banks also sell or place loans or participa-tions with their parent holding companies ornonbank affiliates. A BHC’s purchase of loanparticipations from its subsidiary bank(s) gener-ally constitutes the making of a loan or exten-sion of credit within the meaning of section225.28(b)(1) of Regulation Y, and as such, aBHC needs prior approval to purchase loan par-ticipations from its subsidiary bank(s).

A bank may participate in or purchase a loanoriginated by its parent holding company or oneof its nonbank subsidiaries. A subsidiary bank’spurchase, or participation of a loan, note, orother asset from an affiliate is considered a

purchase of an asset from an affiliate within themeaning of section 23A of the Federal ReserveAct and thus is a ‘‘covered transaction’’ that issubject to the quantitative limitations and theprohibition against purchasing of low-qualityassets. Subsidiary banks must make indepen-dent judgments as to the quality of such partici-pations before their purchase to avoid compro-mising the asset quality of such banks for thebenefit of other holding company entities. Allloans and participations must be purchased onmarket terms.

A bank’s purchase of a loan or loan participa-tion, on a nonrecourse basis from an affiliate,may not be a covered transaction under section23A that is subject to the quantitative limita-tions (12 C.F.R. 223.11- 223.12)), collateralrequirements (12 C.F.R. 223.14), and low-quality asset prohibition (12 C.F.R. 223.15) if

1. the extension of credit was originated by theaffiliate;

2. the member bank makes an independentevaluation of the creditworthiness of the bor-rower before the affiliate makes or commitsto make the extension of credit;

3. the member bank commits to purchase theextension of credit before the affiliate makesor commits to make the extension of credit;

4. the member bank does not make a blanketadvance commitment to purchase extensionsof credit from the affiliate; and

5. the dollar amount of the extension of credit,when aggregated with the dollar amount ofall other extensions of credit purchased fromthe affiliate during the preceding 12 calendarmonths by the member bank and its deposi-tory institution affiliates, does not representmore than 50 percent (or such lower percentas is imposed by the bank’s appropriate Fed-eral banking agency) of the dollar amount ofextensions of credit originated by the affiliateduring the preceding 12 calendar months.(See 12 C.F.R. 223.42(k).)

In some cases, a bank may renew a loan or aparticipation that it purchased from anotheraffiliated bank even when the original participa-tion has become a low-quality asset. In someinstances, a bank’s renewal of a low-qualityasset, such as a troubled agricultural loan, or anextension of limited amounts of additional creditto such a borrower may enable both the originat-


ing and participating banks to avoid or mini-mize potential losses. It would be inconsistentwith the purposes of section 23A to bar a partici-pating bank from using sound banking judg-ment to take the steps that it may deem neces-sary to protect itself from harm in such asituation, so long as the loan was not a low-quality asset at the time of the original participa-tion and the participating bank does not assumemore than its original proportionate share of thecredit.

The following factors thus characterize thesituation where it would be reasonable to inter-pret section 23A as not applying to the renewalof an otherwise low-quality asset:

1. the original extension of credit was not alow-quality asset at the time the affiliatedbank purchased its participation,

2. the renewal and/or the extension of addi-tional credit has been approved by the boardof directors of the participating bank as nec-essary to protect the bank’s investment byenhancing the ultimate collection of theoriginal indebtedness, and

3. the participating bank’s share of the renewaland/or additional loan will not exceed itsproportionate share of the original invest-ment by more than 5 percent. In addition, itis expected that, consistent with safe andsound banking practices, the originating bankwould make its best efforts to obtainadequate collateral for the loan(s) to furtherprotect the banks from loss. (See 12 C.F.R.223.15.)

Loans and loan participations by the variousmembers of the holding company family to indi-vidual borrowers or to the same or related inter-ests may represent concentrations of creditwhich are large in relation to the holding compa-ny’s consolidated capital position. These con-centrations of credit should be assessed forpotentially harmful exposure to the holdingcompany’s financial condition.


1. To determine the BHC’s loan participationpolicy.

2. To assess the impact of a subsidiary bank’sparticipation in loans with affiliates and toensure that the bank’s financial condition isnot compromised and that the bank is not

providing the funding needs of the affiliates,except within the parameters of sections 23Aand 23B of the Federal Reserve Act.

3. To assess the impact of any concentrations ofcredit on the holding company’ s overallfinancial position.


1. During the preinspection process, revieweach subsidiary bank’s examination reportfor comments on participations with affili-ates.

2. In the officer’s questionnaire to the holdingcompany, request the BHC’s policy on loanparticipation. Request a list of any loan par-ticipations the holding company or the non-bank subsidiaries have with the subsidiarybank(s).

3. During the inspection, review the policystatements and each participation the holdingcompany or the nonbank subsidiaries havewith the subsidiary bank(s). The followingcharacteristics should be analyzed:a. any repetitive transaction patterns which

may indicate policy;b. the adequacy of credit information on file;c. the extent to which the terms of the par-

ticipation including interest rates arehandled in an arm’s-length manner;

d. the degree that the bank is accommodat-ing the funding needs of the nonbank sub-sidiaries or its parent;

e. the impact of these transactions on thesubsidiary bank;

f. eligibility for exclusion from section 23Arestrictions and, if applicable, compliancewith such restrictions.

4. Review participations among the bank hold-ing company, nonbank subsidiaries, andthe subsidiary banks to determine potentiallyadverse concentrations of credit.

5. Discuss with management—a. written and verbal policies regarding par-

ticipations both within the holding com-pany and with nonaffiliated third partiesand

b. any adverse findings on intercompanyparticipations.

6. Comment on policy on the appropriate pageof the inspection report (see section 5010.6).If any adverse comments on participationswith affiliates are contained in a bank subsid-iary’s examination report, comment on theircurrent status and the BHC’s efforts to rem-edy the problem.

Intercompany Transactions (Loan Participations) 2020.2



Subject Laws 1 Regulations 2 Interpretations 3 Orders

Limitations and restrictions 371c, FRAsection 23A(c)

Purchase of extensions ofcredit from affiliates

223.42(k) 3–1161

1. 12 U.S.C., unless specifically stated otherwise.2. 12 C.F.R., unless specifically stated otherwise.


Intercompany Transactions (Loan Participations) 2020.2


Intercompany Transactions(Sale and Transfer of Assets) Section 2020.3

Sales and transfers of assets between subsidiarybanks and other entities in a bank holding com-pany organization pose the potential of risk tothe subsidiary banks. Asset purchases are cov-ered by Section 23A and Section 23B of theFederal Reserve Act. The limitations state thatall covered transactions, including asset pur-chases, by a bank with a single affiliate, may notexceed 10 percent of a bank’s capital and sur-plus, and transactions with all affiliates may notexceed 20 percent of the bank’s capital andsurplus. In addition, all transactions must beconducted on market terms.A bank’s purchase of a loan or loan participa-

tion from a bank holding company or its subsid-iary may not be a covered transaction underSection 23A if:1. the bank makes an independent credit

evaluation on each loan prior to the affiliatemaking the loan;2. the bank agrees to purchase the loan prior

to the affiliate making the loan; and3. the bank’s purchase of the affiliate’s loans

is not the primary source of funding for theaffiliate.Sale and transfer of assets can also occur

through swaps and spinoffs. Examples of suchtransactions which may have an adverse effecton a bank include the transfer of a profitableactivity or subsidiary from the bank to the hold-ing company, or the transfer of an unprofitableactivity or subsidiary from the holding companyto the bank. In addition, the transfer of a bankholding company subsidiary to a bank, wherebythe bank assumes the liabilities of the affiliateraises supervisory concerns and may violateSections 23A and 23B of the Federal ReserveAct.Another example is the transfer of a subsidi-

ary bank’s deferred taxes, together with anequivalent amount of cash or earning assets, tothe parent. In such a transaction, a subsidiarybank’s liquidity position is weakened. All suchtransfers of deferred taxes must be reversed andthe bank’s asset and liability accounts restoredto their level prior to the transfer. For a detaileddiscussion on transfers of a bank’s deferred taxliability, see Manual section 2070.0.A bank holding company may transfer a liqui-

dating asset from a subsidiary bank to a section4(c)(1)(D) liquidating subsidiary of the holdingcompany. Also, pursuant to section 4(c)(3) of

the Act, a BHC may transfer from a subsidiarybank an asset to be disposed of pursuant to therequest of the bank’s primary regulator. Formore information on the transfer of such assetsand the time parameters involved, refer to Man-ual section 3030.0.The purchase of low-quality assets is prohib-

ited by Section 23A of the Federal Reserve Act.Refer to section 2020.1.1.5 for a listing of trans-actions that are exempt from the limitations ofSection 23A of the Federal Reserve Act.


1. To review intercompany sale and transferof assets to assess the impact on the subsidiarybank.2. To initiate corrective action to reverse the

transaction, if necessary.


1. During the preinspection process, reviewall notes to financial statements, the FR Y-8report, and the examination reports of subsidi-ary banks to ascertain whether any purchase ortransfer of assets has occurred between the sub-sidiary banks and the parent holding companyor nonbank subsidiaries.2. In the officer’s questionnaire, request in-

formation on any transfer or sale of assets be-tween the subsidiary bank and the parent hold-ing company or the nonbank subsidiaries.3. During the inspection, review all facts re-

garding any sale or transfer of assets transac-tions and assess their impact on the subsidiarybank. Examiners should determine:

a. Whether the transaction required andreceived the approval of the bank’s primaryregulator; and

b. The quality of the assets transferred orsold, and whether the sale of the assets was at aprice significantly higher than would have beenrealized in an arm’s-length transaction.4. Discuss findings with management

including:a. Apparent prejudicial transactions and

violations of regulations; andb. Any unsound practices.

BHC Supervision Manual December 1992Page 1

Intercompany Transactions(Compensating Balances) Section 2020.4

A compensating balance is a deposit maintainedby a firm at a bank to compensate the bank forloans and lines of credit granted to the firm.Often, a commercial bank, when extendingcredit, requires an average deposit balance equalto a fixed percentage of the outstanding loanbalance. Compensating balance requirementsvary from informal understandings to formalcontracts. Deposits maintained as compensatingbalances may be demand or time, active ordormant. Frequently, a lending bank will allowcompensating balances to be supplied by a de-positor other than the borrower itself. If com-pensating balances are maintained by a BHC’ssubsidiary bank on behalf of its parent, thepractice is considered a diversion of bank in-come (i.e., the bank loses the opportunity toearn income on the balances that could be in-vested elsewhere). In general, this practice isinappropriate unless the bank is being compen-sated at an appropriate rate of interest. If thebank is not being appropriately reimbursed, thepractice should be criticized and action taken toinsure that the bank is compensated for the useof its funds.BHCs borrow directly from nonaffiliated

banks, using the proceeds for both bank andnonbank operations and investments. Also, bankholding companies seek credit lines from banksto back their borrowings in commercial papermarkets and for other liquidity purposes. Non-bank subsidiaries of bank holding companiesborrow from banks to fund activities such asmortgage banking, leasing and sales finance. Insome cases, when a bank holding company orits nonbank subsidiaries borrow, the subsidiarybank’s deposit at the lending institution may beaccepted as a compensating balance for the bor-rowings of other members of the bank holdingcompany organization. Such transactions raisequestions under Section 23B of the Federal Re-serve Act regarding the bank’s compensationfor such services.Often the distinction between correspondent

balances and compensating balances is not clear.Occasionally, the rate of the required compen-sating balance is written into the loan agree-ment; however, informal understandings usuallyappear to determine the amount of compensat-ing balance maintained. At times, a balance maybe identified in the bank’s books as a compen-sating balance. A compensating balance mayalso be identified as an amount above a corre-spondent balance historically maintained by thebank. Compensating balances may also appearas a dormant account or may be the aggregate

amount of a number of deposits of various sub-sidiary banks.The interest rate on the loan to the holding

company organization may also be helpful indetermining the existence of compensating bal-ances. Loans below the lending bank’s normalrate may indicate that the lending bank is receiv-ing compensation in another form.At times, excess correspondent balances are

maintained to encourage participation relation-ships and for other goodwill reasons. Therefore,the existence of excess balances may not alwaysindicate that there is a compensating balanceagreement.Although a bank holding company may com-

pensate its subsidiary banks for the use of thefunds, the compensation may not equal the op-portunity cost associated with providing thecompensating balance. As a result, subsidiarybanks which maintain compensating balancesfor holding company members may foregoprofit opportunities, and this practice may havea negative impact on the bank’s earnings andcapital adequacy. The amount of such compen-sation should be equal to a fair market rate.If the lending bank has the right of offset to

compensating balances maintained by the sub-sidiary bank in case of default by parent ornonbank subsidiaries, the subsidiary bank’sfunds are jeopardized. Such potential loss offunds should be commented on by the examiner.


1. To identify compensating balances main-tained by a subsidiary bank for the parent hold-ing company or any nonbank affiliate.2. To determine whether the subsidiary bank

is adequately reimbursed for the maintenance ofany compensating balances.


1. During the preinspection process:a. Review the subsidiary bank examina-

tion reports or contact management to determinewhether the non-affiliated banks, lending to theholding company organization, are correspon-dents of the subsidiary banks. Where applicable,request detailed loan information which could


provide information on the compensating bal-ances’ terms required by the lending bank.

b. Review the notes to the financial state-ments and other available material, such as10–K reports filed with the SEC, which maydescribe compensating balance agreements.FR Y–8 reports should be reviewed for ques-tions applicable to compensating balances.2. Review interbank loan agreements to de-

termine whether compensating balances are for-mally required. Assess the terms of the loan todetermine whether the loan appears to be at fairmarket rates for this type of credit request.3. Request and review the account balance

and monthly account statement provided by thelending bank to identify the amount of compen-sating balances. The statement should be avail-able within the holding company or bank.

4. Request from management information re-garding compensating balances maintained bysubsidiary banks for the benefit of other affili-ates.5. Review the subsidiary bank’s historical

level of correspondent balances to assess trends.Compare levels of balances prior to any loanorigination or interest rate changes.6. Review intercompany accounts to deter-

mine the amount of compensation paid to thesubsidiary bank for maintaining compensatingbalances. Assess adequacy of compensation. As-sess impact of practice on the bank’s financialcondition.7. Discuss with management the reasons for

any apparent excess balances, and whether com-pensating balances are formally or informallyrequired.

Intercompany Transactions (Compensating Balances) 2020.4


Intercompany Transactions(Dividends) Section 2020.5


Effective July 2012, this section was revised toupdate the references within the table of Laws,Regulations, Interpretations, and Orders.

Dividends are a means by which a corporationdistributes earnings or assets to its shareholders.Although the word ‘‘dividends’’ usually appliesto funds paid out of net profits or surplus and isusually thought of in such a context, dividendscan also be made ‘‘in kind,’’ which means inproperty or commodities. This section does notdiscuss ‘‘stock dividends’’ which representtransfers from retained earnings to paid-in capi-tal rather than distributions of earnings. Divi-dends from the subsidiaries, both bank and non-bank, to the parent company are the means bywhich a cash return is realized on the invest-ment in subsidiaries, thus enabling the parent topay dividends to its shareholders and to meet itsdebt service requirements and other obligations.

Dividends paid by any corporation are gener-ally limited by certain State laws. Banks, how-ever, are subject to further legal restrictions ondividends by their chartering authority and otherregulators. Aside from the statutory limitations,the primary consideration in this area is thesubsidiary’s level of capital and its ability tomeet future capital needs through earningsretention.

Although there are no specific regulationsrestricting dividend payments by bank holdingcompanies other than State corporate laws,supervisory concern focuses on the holdingcompany’s capital position, its ability to meet itsfinancial obligations as they come due, and itscapacity to act as a source of financial strengthto its subsidiaries. Some one-bank holding com-panies may be restricted in the amount of divi-dends they may pay as a result of certain limita-tions placed on future dividend distributions atthe time of the holding company’s formation.(see Manual section 2090.2)

When analyzing the dividend practices of thesubsidiaries and the parent company the follow-ing must be considered: the present level ofcapital in relation to total assets, risk assets, andclassified assets; growth rates and additionalplans for expansion; past earnings performanceand projections; and the ability to service debt.

Aside from reasonable and timely fees forservices rendered, the most appropriate way forfunds to be paid by the bank to the parent isthrough dividends. This principle applies, in

general, to bank payments of funds to serviceholding company debt, even when the debt wasinitially incurred to raise equity capital for thesubsidiary bank. It is not considered an appro-priate banking practice for the subsidiary bankto pay management fees for the purpose ofservicing holding company debt. Funds for ser-vicing holding company debt should, as ageneral rule, be upstreamed in the form ofdividends.

2020.5.1 POLICY STATEMENT ONCASH DIVIDEND PAYMENTS

On November 14, 1985 the Board approved apolicy statement on the payment of cash divi-dends by state member banks and bank holdingcompanies that are experiencing financial diffi-culties. The policy statement addresses the fol-lowing practices of supervisory concern byinstitutions that are experiencing earnings weak-nesses, other serious problems, or that haveinadequate capital:

• The payment of dividends not covered byearnings,

• The payment of dividends from borrowedfunds,

• The payment of dividends from unusual ornonrecurring gains, such as the sale of prop-erty or other assets.

It is the Federal Reserve’s view that an orga-nization experiencing earnings weaknesses orother financial pressures should not maintain alevel of cash dividends that exceeds its netincome, that is inconsistent with the organiza-tion’s capital position, or that can only befunded in ways that may weaken the organiza-tion’s financial health. In some instances, it maybe appropriate to eliminate cash dividends alto-gether. The policy statement is as follows:

2020.5.1.1 Policy Statement on thePayment of Cash Dividends by StateMember Banks and Bank HoldingCompanies

The Board of Governors of the Federal ReserveSystem considers adequate capital to be criticalto the health of individual banking organiza-


tions and to the safety and stability of the bank-ing system. A major determinant of a bank’s orbank holding company’s capital adequacy is thestrength of its earnings and the extent to whichits earnings are retained and added to capital orpaid out to shareholders in the form of cashdividends.

Normally, during profitable periods, divi-dends represent an appropriate return of a por-tion of a banking organization’s net earnings toits shareholders. However, the payment of cashdividends that are not fully covered by earnings,in effect, represents the return of a portion of anorganization’s capital at a time when circum-stances may indicate instead the need tostrengthen capital and concentrate financialresources on resolving the organization’sproblems.

As a matter of prudent banking, therefore, theBoard believes that a bank or bank holdingcompany generally should not maintain its exist-ing rate of cash dividends on common stockunless 1) the organization’s net income avail-able to common shareholders over the past yearhas been sufficient to fully fund the dividendsand 2) the prospective rate of earnings retentionappears consistent with the organization’s capi-tal needs, asset quality, and overall financialcondition. Any banking organization whosecash dividends are inconsistent with either ofthese criteria should give serious considerationto cutting or eliminating its dividends. Such anaction will help to conserve the organization’scapital base and assist it in weathering a periodof adversity. Once earnings have begun toimprove, capital can be strengthened by keepingdividends at a level that allows for an increasein the rate of earnings retention until anadequate capital position has been restored.

The Board also believes it is inappropriate fora banking organization that is experiencing seri-ous financial problems or that has inadequatecapital to borrow in order to pay dividends sincethis can result in increased leverage at the verytime the organization needs to reduce its debt orincrease its capital. Similarly, the payment ofdividends based solely or largely upon gainsresulting from unusual or nonrecurring events,such as the sale of the organization’s building orthe disposition of other assets, may not be pru-dent or warranted, especially if the fundsderived from such transactions could be betteremployed to strengthen the organization’s finan-cial resources.

A fundamental principle underlying the Fed-

eral Reserve’s supervision and regulation ofbank holding companies is that bank holdingcompanies should serve as a source of manage-rial and financial strength to their subsidiarybanks. The Board believes, therefore, that abank holding company should not maintain alevel of cash dividends to its shareholders thatplaces undue pressure on the capital of banksubsidiaries, or that can be funded only throughadditional borrowings or other arrangementsthat may undermine the bank holding com-pany’s ability to serve as a source of strength.Thus, for example, if a major subsidiary bankis unable to pay dividends to its parentcompany—as a consequence of statutory limi-tations, intervention by the primary supervisor,or noncompliance with regulatory capitalrequirements—the bank holding companyshould give serious consideration to reducing oreliminating its dividends in order to conserve itscapital base and provide capital assistance to thesubsidiary bank. . . .

This statement of principles is not meant toestablish new or rigid regulatory standards;rather, it reiterates what for most banks, andbusinesses in general, constitutes prudent finan-cial practice. Boards of directors should continu-ally review dividend policies in light of theirorganizations’ financial condition and compli-ance with regulatory capital requirements, andshould ensure that such policies are consistentwith the principles outlined above. FederalReserve examiners will be guided by these prin-ciples in evaluating dividend policies and informulating corrective action programs forbanking organizations that are experiencingearnings weaknesses, asset quality problems, orthat are otherwise subject to unusual financialpressures.


1. To assure compliance with statutes and theBoard’s November 1985, Policy Statement.

2. To determine reasonableness of dividendpayout at both the subsidiary and holding com-pany levels.

Depending on the type of charter and mem-bership in the Federal Reserve, all insured com-mercial banks are subject to certain legal restric-tions on dividends. In the case of nonbanksubsidiaries and holding companies, there areno specific federal statutes, other than the policystatements discussed, which apply to dividendpayments. State corporate laws would apply.One objective of the inspection process is to

Intercompany Transactions (Dividends) 2020.5


check for compliance with these laws and tofollow-up on any violations.

In some cases dividends which comply withthe regulations still may not be in the bestinterest of the bank. It is the examiner’s respon-sibility to assess the reasonableness of dividendpayments in relation to each subsidiary’s capitalneeds. Evaluation of the holding company’sdividend policy and payment requires a reviewat both the parent company and the consolidatedlevels. On a consolidated basis the holding com-pany’s capital level in relation to the quantityand quality of total assets, earnings history andpotential, and growth rates are important in theassessment of a reasonable dividend payout. Atthe parent level, the method of funding divi-dends should be reviewed. For example, a wellcapitalized corporation with strong earningsmight pay dividends which could be consideredunreasonable if the organization were in astrained liquidity position.


1. Review dividend payments by subsidiariesand the parent company. Check for compliancewith appropriate statutes and the Board’sNovember 14, 1985 policy statement on thePayment of Cash Dividends. Discuss violationswith management and comment on the ‘‘Exam-iner’s Comments and Matters Requiring SpecialAttention’’ page.

This step will often require a review of netearnings and changes in the capital accounts inthe past years, as legal restrictions on dividendsoften apply to cumulative income for severalyears rather than just the year the dividend isactually paid. For this reason detailed workingpapers are important, as these can help to avoidduplications of effort at future inspections. Insome situations the regulations provide thatdividends may be paid in excess of currentyear’s earnings. If prior approval from thebank’s primary regulator is necessary, verifythat it has been obtained. Any violations ofdividend statutes should be discussed with man-agement and cited in the ‘‘Examiner’s Com-ments and Matters Requiring Special Atten-tion’’ page of the inspection report.

2. Analyze dividend payouts of subsidiariesand the parent in terms of capital adequacy,earnings and earnings potential.

Discuss excessive dividend payouts at anylevel with management and comment on the‘‘Examiner’s Comments and Matters RequiringSpecial Attention’’ page of the inspection report.In assessing the reasonableness of dividend pay-

ments by subsidiaries and the holding company,the organization’s capital adequacy and futurecapital needs must be judged with the followingin mind: the volume of total assets; asset quality(the percentage of weighted classified assets togross capital could be used as an indicator ofquality); asset mix and liquidity; asset growthrates and projections; and plans for expansionand development of new areas. The subsidiary’sor the holding company’s ability to augmentcapital through earnings is also important. If abank, nonbank or holding company has a consis-tently strong earnings record and its capital posi-tion is healthy, a higher dividend payout may beacceptable than would be otherwise. In analyz-ing the strength of earnings both quantity andquality must be considered. The actual qualityof earnings and earnings potential are related tooperating income rather than extraordinaryitems, significant capital or securities gains, orsubstantial increases resulting from tax consid-erations.

3. Review the funding of dividends paid bythe holding company. Analyze the parent’s cashflow and income statements in accordance withsection 4010.0 of this manual. Discuss any inap-propriate funding with management and com-ment on, based on their severity, either on the‘‘Cash Flow Statement (Parent),’’ or the ‘‘Analy-sis of Financial Factors’’ and the ‘‘Examiner’sComments and Matters Requiring SpecialAttention’’ pages.

An analysis of the parent company’s cashflow statement supplemented by the incomestatement will identify the source of cash fordividend payments. The parent company hascash inflow from various sources including:dividends from subsidiaries, income from activi-ties conducted for its own account, interestincome on advances to subsidiaries, manage-ment and service fees, borrowings, and tax sav-ings resulting from filing a consolidated taxreturn. Dividends should be internally fundedfrom dividends paid by the subsidiaries, theparent company’s earnings from activities forits own account or from interest income onadvances to subsidiaries. Should the analysis ofthe cash flow statement indicate that dividendspaid by the parent exceed cash inflow fromthese sources, further attention to the area isrequired to determine the actual underlyingsource of dividend funding. As discussed in thesection on management and service fees, theseare properly assessed at market value or cost ofservices rendered. They are not to be charged



simply to divert income from subsidiaries inorder to pay dividends. Borrowing to fund divi-dends is fundamentally an unsound practice.

When dividends paid by the holding com-pany are funded by the bank subsidiary, it ispossible to control indirectly the holding com-pany’s dividend payout level when it is deter-mined to be detrimental to the bank subsidiary.It is important to remember that the primaryresponsibility of bank regulators is the promo-tion of safe and sound banking operations. Otherthan the mentioned policy statement there areno specific federal laws restricting dividends

paid by bank holding companies; however, theSystem’s cease and desist authority over bankholding companies does afford the ability tocurb excessive dividend payouts.

Whenever the examiner determines that divi-dend payments at the subsidiary level or parentlevel are not reasonable, are not in the bestinterest of the organization, or are not funded ina proper manner, discussion with managementand a close look at its philosophy are essential.Remarks on the matter should appear on the‘‘Examiner’s Comments and Matters RequiringSpecial Attention’’ page of the report.



Dividend limits for nationalbanks

5199(b)

Dividend limits 5204

Dividend limits for Statemember banks

Section9, F.R.Act

Capital limitations andearnings limitationson the payment ofdividends by statemember banks

208.5 3–160

Board policy statement onassessment of financialfactors, one bank holdingcompanies (para. 4dividend restrictions)

225 appendix C 4–868 1980 FRB 320

Board policy statement ondividends for bankingorganizations havingfinancial difficulties

4–877 1986 FRB 26





Intercompany Transactions(Management and Service Fees) Section 2020.6

A bank holding company is permitted to ownnonbank subsidiaries that furnish services to orperform services for its other subsidiaries pursu-ant to section 4(a)(2)(A), 4(c)(1)(C), or 4(c)(8)of the BHC Act. Many bank holding companiescharge fees for providing to their subsidiariesservices such as management advice, personnelservices, data processing, marketing, supplyadministration, investment advice, bookkeep-ing, and trust services. The fees for these ser-vices that are assessed against subsidiary bankstake many forms and are an area of potentialabuse. In addition to direct fees paid to anaffiliate, the compensation for providing theseservices might take the form of salaries or direc-tors’ fees paid to the bank holding company’smanagement. A holding company should not,directly or indirectly through other subsidiaries,burden its bank subsidiaries with excessivefees or charge for services unrelated to valuereceived in order to fund its debt service, divi-dend payments, or support of other subsidiaries.

Examiners should review the fees charged bya holding company’s bank and nonbank subsid-iaries to any banking subsidiary and judge thereasonableness of those fees by examining thereasonableness of the services provided and thebasis for allocating fees. Fees charged nonbanksubsidiaries and independent third parties shouldnot be more favorable than fees charged bank-ing subsidiaries. They should be reasonable andjustifiable and be based on the fair market valueof services provided or, when there is no marketestablished for a particular service, on actualcost plus a reasonable profit.The market valueof similar services is the preferred basis of feeassessment.When fees are based on cost plus areasonable profit, there is less incentive for theefficient and effective use of resources, becausea profit margin is built in regardless of the costsinvolved. In many situations, however, the costmethod is the only method possible.

Any method of pricing services provided tobank subsidiaries that is based on anything otherthan value received is inappropriate. The feemechanism should not be used to divert incomefrom any bank subsidiary to meet the parent’sfinancial needs if those needs are unrelated tothe provision of services to that subsidiary. Inaddition, banks are prohibited from paying man-agement fees* if it would cause the institution tobecome undercapitalized (see title I, section 131

of the FDIC Improvement Act of 1991 or sec-tion 38 of the FDIC Act).Any fee for services to a banking subsidiary

should be supported by evidence that the parentor other affiliate provided the service. Servicesprovided by bank holding companies shouldserve the needs of the subsidiary bank; chargesfor services that appear to duplicate existingsubsidiary-bank functions should be supportedby a detailed explanation of the net benefitderived by the subsidiary bank and by an analy-sis of the reasonableness of the fee.When it is impractical to allocate expenses on

a direct-charge basis, bank holding companiesfrequently allocate overhead expenses to subsid-iaries. Although this practice can be consideredacceptable with regard to nonbanking subsidi-aries, allocating all bank holding companyexpenses to bank subsidiaries is not permitted.The parent company should bear a portion ofthe costs connected with, for example, the hold-ing company’s investor/shareholder relations,regulatory reporting requirements, acquisitions,formations, applications, board of directors, andstrategic planning. Bank holding companies are,however, expected to support their subsidiarybanks, and expenses incurred to serve the needsof the subsidiary banks, such as expensesincurred in raising capital for subsidiary banks,can appropriately be allocated to those subsidi-ary banks that benefit from the services pro-vided, in proportion to the benefit received fromthe service.All fees for services rendered should be sup-

ported by written agreements that describe theservice, the fees to be charged, and the methodof allocating the fees among the subsidiaries.The absence of such contracts between the sub-sidiaries of the holding company is consideredinappropriate and an unsafe and unsound bank-ing practice. Supervisory action should be taken,in a manner consistent with the financial condi-tion of the holding company and the subsidiarybank, to eliminate the improper practices. Thepractices should be criticized in the inspectionreport and actions taken to see that the situationis satisfactorily resolved. If the practices arehaving a serious impact on the bank, or if theymight reasonably be expected to have a severeimpact given the bank’s financial condition, for-mal administrative action should be consideredin order to require the holding company to ter-minate the practices and make restitution to thesubsidiary bank.

* ‘‘Management fees’’ does not include fees for such ser-vices as electronic data processing or auditing.


A bank’s prepayment of service fees to theparent company and payment of expenses in-curred primarily in conjunction with holdingcompany activities unconnected with the bankalso are cause for supervisory concern. In gen-eral, prepayment for services is inappropriateunless the bank holding company can demon-strate that prepayment is standard industry prac-tice for nonbanking companies acquiring thesame service. Prepayment of sums for servicesthat are not to be provided in the immediatefuture (for example, prepayment of an entireyear’s fees for services to be rendered through-out the year) can have an adverse impact on thebank and is therefore inappropriate. These prac-tices should be addressed by requiring timelyand reasonable payments for services and reim-bursement to the banks for what are essentiallyholding company expenses. If bank expensesare incurred substantially in support of a hold-ing company activity, the bank should be reim-bursed for that portion of its cash outlay thatbenefits the holding company. Reimbursementis necessary to ensure that bank resources arenot diverted to a holding company affiliate withlittle or no benefit to the bank.Aside from reasonable and timely fees for

services rendered, the most appropriate way,from a supervisory standpoint, for funds to bepaid to the parent company is through divi-dends. This principle applies, in general, to bankpayment of funds to service holding companydebt, even when the debt was initially incurredto raise equity capital for the subsidiary bank. Itis an inappropriate banking practice for the sub-sidiary bank to pay management fees for thepurpose of servicing holding company debt.Funds for servicing holding company debtshould, as a general rule, be upstreamed in theform of dividends.

2020.6.1 TRANSACTIONS SUBJECTTO FEDERAL RESERVE ACTSECTION 23B

Section 23B of the FRA applies to any coveredtransaction with an ‘‘affiliate,’’ as that term isdefined in section 23A of the FRA. Section 23Balso applies to a number of transactions that arenot covered by section 23A, for example, trans-actions that involve the payment of money orthe furnishing of services to an affiliate undercontract, lease, or otherwise, or transactions inwhich an affiliate acts as an agent or a broker or

receives a fee for its services. Although transac-tions between sister banks and banks that arepart of a chain banking organization are exemptfrom section 23B, section 23A requires thatcovered transactions between a bank and anaffiliate be conducted at arm’s length. See sec-tion 2020.1.2 for other transactions that are cov-ered by section 23B and the requirements thatpertain to all such transactions. For examples oftransactions that could violate section 23B, seesection 3700.10, dealing with an application toprovide armored car services through a bankholding company’s nonbank subsidiary.


1. To determine whether the holding com-pany and its subsidiaries charge fees to banksubsidiaries based on value received and fairmarket value.2. To determine whether the subsidiaries are

actually receiving these services.3. To determine that the timing of fee pay-

ments is appropriate.4. To determine whether there is an agree-

ment between the entities relating to specificservices and fees charged.5. To determine if any fees result in an

unsafe or unsound condition in any subsidiarybank.Once the management policy underlying the

fee structure is clearly understood, it is impor-tant for the examiner to determine that practiceis consistent with policy. For example, if man-agement indicates that fees charged are basedon the fair market value of services received butthe fee structure is actually geared to the banksubsidiary’s asset size, an inconsistency exists.Assuming either that all of the bank subsidiarieshave access to the same or similar markets forthe services being provided by the bank holdingcompany or that cost is used consistently todetermine pricing, the established pricing struc-ture should be used for all subsidiaries. Devia-tions from established policy intended tochannel a greater proportion of income fromfinancially sound banks to financially weak onesshould be noted.When it has been established that the fee

structure is reasonable and is consistently fol-lowed, a final question remains. Are the banksubsidiaries actually receiving the services forwhich they are charged? This may be difficult toascertain in many cases, but serious efforts mustbe made.It is important that the basic business princi-

ples of an arm’s-length transaction be applied to

Intercompany Transactions (Management and Service Fees) 2020.6


all transactions between banks and their affili-ates. This approach provides protection for allthe interests involved. In addition, paymentshould be made within a reasonable time of therendering of the services. It is inequitable for thebank subsidiary to pay fees far in advance inorder to suit the parent’s cash needs. A clearlyunderstood agreement between the holdingcompany and its bank subsidiaries detailing theduties and responsibilities of each party and themethod to be used for fee assessment is alsoimportant to the servicing arrangement.


1. Review and analyze the policy regardingmanagement and other services provided tobank subsidiaries and the method of assessingfees.2. Determine the basis for valuation.3. Review the actual pricing structure as it is

applied.4. Verify the following:a. Fees are charged in accordance with

pricing structure.b. Pricing structure is consistently applied

for all bank subsidiaries.c. Bank subsidiaries are actually receiving

services for which they are assessed. Determinewhether fee payments have caused the institu-tion to become undercapitalized.

d. Payments are made in a timely manner.5. Review examination reports on bank sub-

sidiaries for comments on fee assessment.6. Analyze the parent company’s cash flow

and income statements for intercompany fees.7. Review recordkeeping.A review of management’s written or stated

policy regarding services provided subsidiariesand fee assessment is a logical starting point forthe analysis of this area. The policy should bediscussed with the holding company’s officersto ensure that the examiner has a clear under-standing of the purpose and basic underlyingphilosophy. Any policy that calls for fee assess-ment based on standards other than fair marketvalue or the cost of providing the servicesrequires discussion with management and com-ment on page 1 of the report.The determination of fair market value or

cost of providing services is the responsibilityof the holding company. The examiner shouldreview the market or cost information used tojustify the pricing of services and be satisfiedthat the data presented actually supports the feestructure. Request a copy of the pricing sched-ule as it is applied, and determine that it is

actually based on the valuation of the servicesreceived and consistent with stated policy. Anyvariations from the basic structure among thebank subsidiaries would also require supportfrom the market or cost data furnished.Once the holding company’s policy, valua-

tion data, and pricing structure are analyzed,they should be verified. Check the service at thebank-subsidiary level. The verification processcan be modified as deemed appropriate by theexaminer.Note the timing of payment for services. Fees

for services should be billed and paid as they arereceived, just as they would be with an unaffili-ated servicer. Prepayments are inappropriate inmost cases.Written service agreements should be in

effect specifically detailing the types and extentof services being rendered and the method ofpricing. Any significant exceptions found dur-ing the verification process merit follow-up andcomments in the report.Thus far, these inspection procedures for

management and service fees have emphasizeda review of management’s stated intent and theactual fees charged on the individual bank-subsidiary level and have been somewhat ori-ented toward micro-level analysis. An overallview of the parent company’s cash flow andincome statements can also provide certain indi-cators of appropriateness of fees. The parentcompany should be servicing its debt and pay-ing dividends from sources other than manage-ment fees and service fees collected from banksubsidiaries. If the ratio of management andservice fees to parent-company salaries andother expenses significantly exceeds 100 per-cent, the holding company could be chargingfees that are unrelated to the value of the ser-vice. This situation would call for furtherinvestigation.




Subject Laws1 Regulations2 Interpretations3 Orders

Statement of practice andprocedure in reference tounsound bankingpractices; diversion-of-bank-income practices (SR-79-533,March 19, 1979)

4–876

Potential violations ofsection 23B of theFederal Reserve Act:

1993 FRB 352

1. Proposal by a bank holdingcompany to provide armoredcar services to its bankingsubsidiary through a de novononbank subsidiary. The costof the service would be morethan the cost of armored carservices currently receivedfrom an unaffiliated provider.

2. Proposal whereby the bankholding company’s de novononbanking subsidiary wouldpay a flat fee based on apercentage of its directoperating expenses to coverall the back-office servicesprovided by the holdingcompany’s banking subsidiary.


3. Federal Reserve Regulatory Servicereference.



Intercompany Transactions(Transfer of Low-Quality Assets) Section 2020.7

The transfer of low-quality assets to an insureddepository institution can be reason for supervi-sory concern. Such transfers may be made toavoid detection and classification during regula-tory examinations, and may be accomplishedthrough participations, purchases/sales, andasset swaps with other affiliated or nonaffiliatedentities. The donation of an asset with liabilitiesalso is treated as a purchase of assets. Aninsured depository institution may not purchasea low-quality asset from an affiliate unless, pur-suant to an independent credit evaluation, themember bank had committed itself to purchasethe asset before the time the asset was acquiredby the affiliate. Examiners should be alert tosituations where an institution’s intentionappears to be the concealment of low-qualityassets for the purpose of avoiding examinationscrutiny and possible classification.

During holding company inspections, exam-iners should identify situations where low-quality assets have been transferred between theholding company and its subsidiaries and asubsidiary-insured depository institution. Low-quality assets are defined in the Federal ReserveBoard’s Regulation W (12 CFR 223.3(v)). Ingeneral, low-quality assets include assets thatare classified or specially mentioned, or if sub-jected to review would most likely be classifiedor specially mentioned, including assets classi-fied based on the institution’s internal ratingsystem. Low-quality assets also include past dueloans, nonaccrual loans, loans on which theterms have been renegotiated because of a bor-rower’s poor financial condition, and any otherasset acquired through foreclosure, reposses-sion, or otherwise in satisfaction of a debt previ-ously contracted, if the asset has not yet beenreviewed in an examination or inspection. Otherassets of questionable quality would includenoninvestment grade securities and other realestate owned (OREO). The transfer of assets toavoid supervisory review is a highly improperand unsound banking practice and may be aviolation of section 23A of the Federal ReserveAct and the Federal Reserve Board’s Regula-tion W that should be addressed through formalsupervisory enforcement action, if necessary.

Any situations involving the transfer of low-quality assets to an insured depository institu-tion should be brought to the attention ofReserve Bank supervisory personnel who, inturn, should notify the local office of the pri-mary federal supervisor(s) of the other deposi-tory institution(s) involved in the transaction.For example, Reserve Banks should notify the

primary federal supervisor of any depositoryinstitution to whom a state member bank orholding company is transferring or has trans-ferred low-quality assets. Reserve Banks alsoshould notify the primary regulator of anydepository institution from which a state mem-ber bank or holding company is acquiring or hasacquired low-quality loans. This procedureapplies to transfers involving savings and loanassociations and savings banks, as well as com-mercial banking organizations.

Legitimate transfers of assets should be prop-erly recorded on the books of the acquiringinstitution at fair market value. If the transferwas with the parent holding company or a non-bank affiliate, determine that the transaction alsoshould be properly recorded on the books of theaffiliate.


1. To ensure that loan transfers involvingstate member banks, bank holding companies,savings and loan holding companies, and non-bank affiliates are carefully evaluated to deter-mine if they were carried out to avoid classifica-tion, and to determine the effect of the transferon the condition of the institution and to ascer-tain whether the transfer was consistent with therequirements of section 23A. Under section 23Aof the Federal Reserve Act, an asset purchase isa “covered transaction.” All “covered transac-tions” by a bank with a single affiliate and withall affiliates combined may not exceed 10 per-cent and 20 percent, respectively, of a bank’scapital and surplus.

2. To ensure that the primary supervisor ofthe other financial institution involved in thetransfer of low-quality assets is notified.


1. Determine whether assets were transferredprior to the date of examination to avoid pos-sible criticism during the examination.

2. Determine whether any of the loans trans-ferred were nonperforming at the time of trans-fer, classified at the previous examination, or forany other reason were considered to be low-quality assets.

3. Review the institution’s policies and pro-

BHC Supervision Manual February 2019Page 1

cedures to determine whether assets or participa-tions purchased are given an independent, com-plete and adequate credit evaluation. If a bank isa holding company subsidiary or a member of achain banking organization, review asset pur-chases or participations from affiliates or otherknown members of the organization to deter-mine if the asset purchases are given an arms-length and independent credit evaluation by thepurchasing bank.

4. Determine whether any purchases of assetsfrom an affiliate comply with section 23A,which generally prohibits purchases of low-quality assets from an affiliate and limits assetpurchases and all other “covered transactions”by a bank from a single affiliate and all affiliatescombined to 10 percent and 20 percent, respec-tively, of a bank’s capital and surplus.

5. Determine whether any assets purchasedare properly reflected at fair market value (whilefair market value may be difficult to determine,it should at a minimum reflect both the rate ofreturn being earned on such assets and an appro-priate risk premium). Determine that appropri-ate write-offs are taken on any assets sold at lessthan book value.

6. Determine whether transactions involvingtransfers of low-quality assets to the parentholding company or a nonbank affiliate areproperly reflected at fair value on the books ofboth the bank and the holding company affiliate.

7. If low-quality assets were transferred to orfrom another financial institution for which theFederal Reserve is not the primary supervisor,prepare a memorandum to be submitted to theReserve Bank supervisory personnel. TheReserve Bank will then inform the local officeof the primary federal supervisor of the otherinstitution involved in the transfer. The memo-randum should include the following informa-tion, as applicable:

• Name of originating and receiving institu-tions.

• Type of assets involved and type of transfer(i.e., participation, purchase/sale, swap).

• Date(s) of transfer.• Total number and dollar amount of assets

transferred.• Status of the assets when transferred (e.g.,

nonperforming, classified)• Any other information that would be help-

ful to the other supervisor.

Intercompany Transactions (Transfer of Low-Quality Assets) 2020.7

BHC Supervision Manual February 2019Page 2

Intercompany Transactions(Split-Dollar Life Insurance) Section 2020.9

Split-dollar life insurance is a type of life insur-ance in which the purchaser of the policy paysat least part of the insurance premiums and isentitled to only a portion of the cash surrendervalue, or death benefit, or both. See SR-93-37and its attachments for further discussion of theFederal Reserve’s position on such arrange-ments between bank holding companies andtheir subsidiary banks.

2020.9.1 SPLIT-DOLLAR LIFEINSURANCE POLICYARRANGEMENTS

Certain split-dollar life insurance policyarrangements involving banks and their parentbank holding companies raise legal and safety-and-soundness concerns. These arrangementsfall into two general categories: (1) those inwhich the subsidiary bank owns the policy, paysall or substantially all of the premiums and isreimbursed for the premium payments (if at all)at some time in the future (endorsement plans)and (2) those in which the parent holding com-pany owns the policy, and pays the premium,but uses the insurance policy as collateral forloans from its subsidiary bank (collateral assign-ment plans).

2020.9.1.1 Split-Dollar Life InsuranceEndorsement Plan

Under an endorsement plan, the subsidiary bankpurchases a policy in which its parent bankholding company or an officer, director, or prin-cipal shareholder thereof is the primary benefi-ciary, rather than the bank or one of its officersor directors. In this instance, the subsidiary bankreceives only a limited portion of the deathbenefit—usually an amount equal to its pre-mium payments plus interest. The primary ben-eficiary—the holding company or one of itsofficers, directors, or principal shareholders—receives a majority of the insurance proceedsbut pays little or nothing for the benefit. Manyof the policies in this category are single-premium universal life policies, whereby thesubsidiary bank pays one large lump sum pre-mium payment for the policy. Generally, a sub-sidiary bank involved in an endorsement planrecords the cash surrender value of the policy asan asset on its books; the bank holding companydoes not record anything at the parent-onlylevel.

A variation of the endorsement plan is anarrangement in which the bank pays an annualpremium towards the policy and the parent hold-ing company reimburses the bank for a nominalamount of the annual premium payments. Theseamounts are substantially lower than the pre-mium payments made by the subsidiary bankand therefore do not accurately reflect the eco-nomic benefit derived by the holding companyas primary beneficiary of the insurance policy.

2020.9.1.2 Split-Dollar Life InsuranceCollateral Assignment Plan

Under a collateral assignment plan, the parentbank holding company owns the policy andpays the entire premium. The subsidiary bankmakes annual loans to the bank holding com-pany in an amount equal to the annual increasein the cash surrender value of the policy (or, insome cases, in amounts equal to premiums paid)with the policy itself serving as collateral for theloan. The loans are repayable at either the termi-nation of employment or the death of the insuredemployee, and will be paid using the deathbenefits available from the policy.

2020.9.2 COMPLIANCE WITHAPPLICABLE LAWS

2020.9.2.1 Compliance with Sections23A and 23B of the FRA

Both of the aforementioned types of split-dollarlife insurance policy arrangements may be inap-propriate if they are inconsistent with sections23A or 23B of the Federal Reserve Act (FRA).Section 23A places quantitative restrictions andother requirements on certain transactions,including loans, between banks and their affili-ates. The statute also requires that loans betweenbanks and their affiliates be secured with col-lateral having a specified market value thatdepends on the type of collateral used to securethe loan. Under an endorsement plan, where thesubsidiary bank pays all or substantially all ofthe insurance premiums, an unsecured extensionof credit from the subsidiary bank to its parentholding company generally results because thesubsidiary bank has paid the bank holding com-pany’s portion of the premium, and the bank


will not be reimbursed fully for its paymentuntil sometime in the future.Under a collateral assignment plan, if the

insurance policy held by the parent bank hold-ing company serves as collateral to secure aloan from its subsidiary bank, the loan may be aviolation of section 23A unless it meets thequantitative requirements of section 23A andthe cash surrender value of the insurance policyused as security is equal to 130 percent of theamount of the loan. Thus, a bank loan to theparent bank holding company that equals thecash surrender value of the insurance policy thatis serving as collateral would not be adequatelysecured under section 23A, unless additionalcollateral was provided.Both categories of split-dollar life insurance

policy arrangements may also lead to violationsof section 23B of the Federal Reserve Act,which requires that certain transactions involv-ing a bank and its affiliates be on terms andunder circumstances substantially the same or atleast as favorable to the bank as those prevailingat the time for comparable transactions with orinvolving nonaffiliated companies. Because thebank holding company is the beneficiary of thelife insurance policy, it is a participant in atransaction between a bank and a third party;therefore, the split-dollar life insurance transac-tion must meet the standards of section 23B.1

In order to conform to the statutory restrictionsof section 23B, the return to the bank fromownership of the policy should be commensu-rate with the size and nature of its financialcommitment. In most split-dollar insurancearrangements, the bank makes an investment inthe policy not for the purpose of insuring itselfagainst risk but for the purpose of obtaininginsurance for its holding company. The onlyreturn that the bank will get from its participa-tion in ownership of the policy is the return ofits initial investment and possibly some interest.However, the insurance company deducts thecost of maintaining the insurance coverage frominterest that would otherwise be credited to theequity in the policy. These costs include policyloads, surrender charges, and mortality costs.The holding company should fully reimbursethe bank for all of these charges. Examinersshould carefully evaluate these arrangementsbecause, in many cases, the reimbursement the

bank receives from the holding company isbased on an implied value of the insurancecoverage received by the holding company thatis less than the assessments made to the policyequity.In the process of evaluating split-dollar insur-

ance arrangements, examiners should keep inmind the fact that the advances made by a bankto purchase the insurance are the equivalent of aloan to the holding company. Therefore, to com-ply with section 23B, the terms of the loan, suchas its duration and interest rate, must be onmarket terms.

2020.9.2.2 Investment Authority Underthe National Bank Act

Participation by bank holding companies andtheir state-chartered and national bank subsidi-aries in split-dollar life insurance policy arrange-ments may also raise concerns whether the poli-cies are permissible bank investments undersection 24(7) of the National Bank Act. TheOffice of the Comptroller of the Currency’sinterpretation of this provision of the NationalBank Act (OCC Banking Circular 249, May 9,1991).2 In addition, under section 24 to theFederal Deposit Insurance Act, a state-charteredbank generally may not, without the FDIC’spermission, engage in any activity that is imper-missible for a national bank.3

2020.9.3 SAFETY-AND-SOUNDNESSCONCERNS

The purchase of a split-dollar life insurancepolicy may also constitute an unsafe andunsound banking practice involving the diver-sion of bank income or assets. If a subsidiarybank pays the entire insurance premium but isnot the beneficiary, it provides an economicbenefit to its parent holding company or otherbeneficiary for which it is not being adequatelyreimbursed or compensated. In this instance, thebank loses the opportunity to use its assets pro-ductively. Generally, the bank pays the premiumin return for the insurance company’s paymentof the entire proceeds. When the bank receivesless than the entire proceeds, it has, in effect,

1. The Federal Deposit Insurance Corporation has takenthe same position in a published interpretive letter, FDIC92-40, dated June 18, 1992.

2. National banks may not purchase life insurance as aninvestment. See OCC Banking Circular 249, for the testsunder which life insurance may be purchased and held fornoninvestment purposes.3. SR-92-97 (FIS) and SR-92-98 (FIS), dated December 16

and 21, 1992, respectively, describe the provisions of section24 of the Federal Deposit Insurance Act.

Intercompany Transactions (Split-Dollar Life Insurance) 2020.9


paid a higher than market price for whateverlimited benefit it may receive. This is also thecase when the primary beneficiary of the policyis an officer, director, or principal shareholder ofthe parent holding company. Such an arrange-ment is not consistent with safe and sound bank-ing practices because the subsidiary bank isconferring an economic benefit on an insider ofthe parent bank holding company withoutreceiving adequate compensation.

2020.9.4 EXAMINER REVIEW OFSPLIT-DOLLAR LIFE INSURANCE

Examiners should be fully aware of the prob-lems inherent in split-dollar life insurance pol-icy arrangements between bank holding compa-nies and their subsidiary banks. During thecourse of all bank examinations and bank hold-ing company inspections, examiners shouldreview corporate life insurance policy arrange-ments for compliance with applicable bankinglaws and safety-and-soundness standards.4 If asplit-dollar life insurance policy arrangementexists in either a bank holding company or astate member bank, it should be reviewed andmodified if it does not comply fully with the lawand principles of safe and sound banking. If abank holding company or a state member bankfails to take appropriate action to bring its split-dollar life insurance policy arrangements intocompliance, then the Reserve Bank should con-sider appropriate follow-up supervisory action(including a formal enforcement action) againstthe banking organization or its institution-affiliated parties, or both.


1. To determine if split-dollar life insurancearrangements between the parent holding com-pany and its subsidiary banks are consistentwith the provisions of sections 23A and 23B ofthe FRA.

2. To ascertain whether participation by bankholding companies and their national bank orstate-chartered bank subsidiaries is consistentwith section 24(7) of the National Bank Act andsection 24 of the Federal Deposit Insurance Act.3. To verify the cash surrender values of

split-dollar life insurance policies and toestablish whether those values have beenimpaired by loans to, liens by, or assignmentsto, third parties or by unauthorized borrowingsor cancellations.


1. Review corporate life insurance policyarrangements between the parent company andits subsidiary banks.

a. Determine if there are split-dollar lifeinsurance arrangements between any subsidiarybank and the parent company or officers ordirectors of the parent company.

b. If any such insurance arrangementexists, establish if the plan is either an endorse-ment plan or a collateral assignment plan.

c. Review arrangements involving a split-dollar life insurance policy purchased by theparent company.

(1) Review external documentation evi-dencing the cash surrender value. If no docu-mentation exists, ask the audit committee and itsinternal auditors—

(a) to obtain external documentationverifying its value and

(b) to verify that there are no out-standing loans, liens, or assignments against theinsurance policies.

(2) Establish whether the parent compa-ny’s board of directors has established policiesand implemented procedures for transactionsbetween the insurance carrier and the parentcompany to prevent unauthorized borrowing orcancellation of any insurance policy that has acash surrender value.

(3) Determine whether the corporate lifeinsurance policy arrangements are consistentwith applicable safety-and-soundness standards.

(4) Verify that the recorded value of therespective asset is equal to the unimpaired cashsurrender value of the asset.2. If an endorsement plan arrangement is pur-

chased by a subsidiary bank, establish whetherthe bank holding company is the beneficiary. Ifthe parent company is the beneficiary, such anarrangement may result in an unsecured exten-

4. Examiners conducting examinations of U.S. branchesand agencies of foreign banks and Edge corporations shouldalso be alerted to the problems associated with split-dollar lifeinsurance arrangements because these institutions could pur-chase insurance for the benefit of a parent foreign bank orcompany, or one of the parent’s officers or directors. Inaddition, section 7(h) of the International Banking Act of1978 prohibits state-licensed branches or agencies fromengaging in any activity that is impermissible for a federalbranch unless the Board determines that such activity isconsistent with ‘‘sound banking practice’’ and, in the case ofan FDIC-insured branch, the FDIC determines that the activ-ity poses no significant risk to the deposit insurance fund.



sion of credit when the subsidiary bank pays allor substantially all of the insurance premiumsbut is not reimbursed until some time in thefuture. Ascertain if the investment return to thebank from ownership of the policy is commen-surate with the size and nature of its financialcommitment.3. If a collateral assignment plan (when the

insurance policy held by the parent companyserves as collateral to secure a loan from asubsidiary bank), ascertain whether the cash sur-render value of the insurance policy is equal to130 percent of the amount of the loan.4. For both types of split-dollar life

insurance:a. Determine if the investment return from

ownership of the policy is commensurate withthe size and nature of the financial commitment,including all costs incurred for maintaining theinsurance coverage.

b. Determine if the terms (duration andmarket interest rate) of the advances made topurchase the insurance are on market terms.

c. If the bank holding company is thebeneficiary of a bank insurance policy and abank is a participant in the purchase of theinsurance from a third party, determine if thetransaction was on terms and under circum-stances that were substantially the same as or atleast as favorable to the bank as those thenprevailing for comparable transactions with orinvolving nonaffiliated companies.



Split-dollar lifeinsurance:

1. Endorsement plan:When a subsidiarybank has paid allthe BHC’s portionof the premium andthe bank will not bereimbursed untilsome time in thefuture, a loan resultsthat must be secured.

371c, FRAsection 23A

2. Collateral assignmentplan securing a loan:Cash surrender valuemust be 130 percentof the loan.

371c, FRAsection 23A

3. Both plans:

a. Transactions mustbe on terms andunder circumstancessubstantially thesame as thoseprevailing for third-party transactions.

371c, FRAsection 23B





b. When the BHC isthe beneficiary, thebank’s investmentreturn from the split-dollar life insurancepolicy should becommensurate withthe size and natureof the financialcommitment.

371c-1, FRAsection 23B

Split-dollar lifeinsurance premiumspaid by a bank on behalfof an executive officer ofthe bank are not deemedan extension of credit forpurposes of Regulation O,if the officer reported thepremiums as taxablecompensation to the IRS.

Regulation Ostaff opinion3-1081.3


3. Federal Reserve Regulatory Servicereference.



Grandfather Rights—Retention and Expansion of ActivitiesSection 2030.0

The history of bank holding company legisla-tion reflects a principle that banking and com-merce should be separated in order to preventabuses in the distribution of credit. The 1956Act generally required companies to divest theirnonbank activities and shares within two years.In the 1970 Amendments, the same requirementapplied to companies formed in the future. How-ever, one-bank holding companies in existenceat the time of these amendments were given a‘‘grace period’’ to comply with divestiturerequirements of the legislation. Those compa-nies whose bank and nonbank interests had beencombined on or before June 30, 1968, werepermitted to continue the existing combinationfor an indefinite period (indefinite or permanentgrandfather privileges). But those BHCs whichexisted at the time of the 1970 Amendments, butwhose bank was acquired or whose nonbankactivity was initiated after June 30, 1968, werepermitted to continue their nonbank activitiesfor only 10 years until December 31, 1980. Anexception to the divestiture deadline existedwith respect to certain real estate holdings.

Although indefinitely grandfathered compa-nies may continue to engage in nonbankingactivities, these grandfather privileges are sub-ject to review by the Federal Reserve Board atthe time when a company’s banking assetsexceed $60 million.1

2030.0.1 INDEFINITE GRANDFATHERPRIVILEGES

Under the provisions of section 4(a)(2) of theAct, as amended in 1970, relating to grandfatherprivileges for certain nonbanking activities ofbank holding companies, the Reserve Bankshave been delegated the authority to determinethat termination of grandfathered activities of aparticular bank holding company is not war-ranted; provided, the Reserve Bank is satisfiedthat all of the following conditions are met:

1. The company or its successor is ‘‘a com-pany covered in 1970;’’

2. The nonbanking activities for whichindefinite grandfather privileges are beingsought do not present any significant unsettledpolicy issues; and

3. The bank holding company was lawfullyengaged in such activities as of June 30, 1968and has been engaged in such activities continu-ously thereafter.

A company covered in 1970 is defined insection 2(b) of the Act as ‘‘a company whichbecomes a bank holding company as a result ofthe enactment of the Bank Holding CompanyAct Amendments of 1970 and which wouldhave been a bank holding company on June 30,1968, if those amendments had been enacted onthat date.’’ The Board has also determined thatthe company must have owned at least 25 per-cent of the voting shares of the same subsidiarybank on June 30, 1968, and December 31, 1970,in order to qualify as a company covered in1970. If a company was not actively engaged ina nonbank activity prior to June 30, 1968, eitherdirectly, or indirectly through a subsidiary, itmay still qualify for indefinite grandfather privi-leges if the company had entered into a bindingcontract prior to June 30, 1968. The bindingcontract must be a written document whichspecifies that the company (or its subsidiary) orpersons representing the company will purchaseanother company which is already engaged inthe activity.

Within two years after the subsidiary bank ofan indefinitely grandfathered company attainsbanking assets in excess of $60 million, thestatus of the company’s grandfather privileges issubject to review to determine whether therights should remain in effect or be terminated.The Board or Reserve Bank may also reviewany company’s grandfather privileges and termi-nate them if it determines that such action isnecessary to prevent (1) undue concentration ofresources, (2) decreased or unfair competition,(3) conflicts of interests, or (4) unsound bankingpractices. Moreover, when a company appliesfor approval of an acquisition, it may expect theBoard or Reserve Bank to review the legitimacyof its grandfather privileges.

2030.0.2 ACTIVITIES ANDSECURITIES OF NEW BANKHOLDING COMPANIES

A company that becomes a bank holding com-pany may, for a period of two years, engage in

1. Effective October 20, 1981 the Board amended its RulesRegarding Delegation of Authority to delegate to the ReserveBanks authority to make these determinations regardingindefinite grandfather privileges.

BHC Supervision Manual January 2010Page 1

nonbanking activities and control voting securi-ties or assets of a nonbank subsidiary, if thebank holding company engaged in such activi-ties or controlled such voting securities or assetson the date it became a bank holding company.The Board can grant requests for up to threeone-year extensions of the two-year period. Thisis in accordance with a December 1983 revisionto Regulation Y (12 C.F.R. 225.22(e)). Theregulatory provision implements Section 4(a)(2)of the BHC Act.

2030.0.3 LIMITATIONS ONEXPANSION OF GRANDFATHERRIGHTS FOR INSURANCE AGENCYNONBANKING ACTIVITIES OF BANKHOLDING COMPANIES

Refer to Manual section 3170.0.3.4.1.

2030.0.4 SUCCESSOR RIGHTS

When a bank holding company transfers itsbank shares to another company in a mannerthat produces no substantial change in the con-trol of the bank, the transferee qualifies undersection 2(e) of the Act as a ‘‘successor.’’ The‘‘successor’’ provision prevents a bank holdingcompany from transferring its bank to someother organization. A successor is considered abank holding company from the date the trans-feror became a bank holding company. Thus, itmay hold the same grandfather privileges as itspredecessor. By the same token, it becomessubject to any conditions or restrictions, such asdivestiture requirements, imposed by the Sys-tem upon its predecessor. For example, an irre-vocable declaration filed by the predecessorwould be binding upon the successor.

2030.0.5 EXPANSION OFGRANDFATHER ACTIVITIES

Grandfather privileges apply to activities, not tocompanies. As a general rule, these activitiesare permitted to be expanded through internalgrowth; however, there are a few exceptions.See Appendix 1 in this section.

In Appendix 1 it is important to distinguishbetween a purchase in the ordinary course ofbusiness and a purchase, in whole or in part, of agoing concern. Each of the following conditions

must be satisfied in order for the transaction tobe in the ‘‘ordinary course of business,’’ whichis permissible: (1) less than a substantial amountof the assets of the company to be acquired mustbe involved; (2) the operations of the purchasedcompany must not be terminated or substan-tially discontinued; (3) the assets acquired mustnot be significant in relation to the size of thesame line of nonbank activity already in theholding company (an acquisition is deemed sig-nificant if the book value of the acquired non-bank assets exceeds 50 percent of the bookvalue of the nonbank assets of the holding com-pany or nonbank subsidiary comprising thesame line of activity); (4) if the transactioninvolves the acquisition of assets for resale, thesale must be a nominal business activity of theacquiring company; and (5) the major purposeof the transaction must not be to hire essentiallyall of the seller’s principal employees who areexpert, skilled and experienced in the businessof the company being acquired. If any of thesefive conditions is not satisfied, the transactionmay be considered to be an acquisition of agoing concern, which is not permissible withoutprior approval. Refer to 12 C.F.R. 225.132.

2030.0.6 DIVESTITURES (also seeManual section 2090.6)

The act specifies the time in which a companymust divest of any impermissible activity. Anycompany becoming a bank holding companysubsequent to the 1970 Amendments has twoyears in which to divest its impermissible activ-ity. The Act allowed a temporarily grandfath-ered company ten years from December 31,1970, to divest of its impermissible activities,except certain real estate holdings discussed ear-lier; and allows indefinitely grandfathered com-panies ten years from the date on which grand-father privileges are terminated by the Board orReserve Bank, should they be terminated forgood cause.

As mentioned earlier, reviews of a company’sgrandfather privileges may be precipitated bysuch circumstances as: (1) a subsidiary bank ofan indefinitely grandfathered company attainingassets in excess of $60 million (reviewed withintwo years); (2) a company seeking approval toengage in another activity or acquire another

Grandfather Rights—Retention and Expansion of Activities 2030.0


bank; (3) a company which violates the Act; or(4) a company operating in a manner whichresults in an undue concentration of resources,decreased or unfair competition, conflicts ofinterests, or unsound banking practices.When a company has filed an application

requiring the Board’s or Reserve Bank’s ap-proval, the Board or Reserve Bank may approvethe application subject to the condition that thecompany divest of certain grandfathered sharesor assets within a specified time period. Thespecified time period generally will be shorterthan the aforementioned time periods stipulatedin the Act.The plan of divestiture should have provided

for the removal of any control relationshipbetween the company and its divested activities.These control requirements, as outlined insection 2(g) of the Act, include one or more ofthe following: (1) no interlocking directorates;(2) ownership of less than 25 percent of thevoting shares by the BHC and related parties;(3) no interlocking management positions inpolicymaking functions; (4) no indebtednessbetween the transferor and the transferee; (5) noagreement or understanding which restricts thevoting privileges of shares. Further discussionof these and other control requirements andissues is found in Manual sections 2090.1 and2090.6.


1. To determine when the company acquiredits subsidiary bank.2. To determine when the company com-

menced its nonbanking activities and whetherthese activities were conducted continuouslythereafter.3. To determine if the banking assets of a

bank controlled by a holding company withindefinite grandfather privileges have reached$60 million.4. To determine if a change of ownership

or control of the company has taken place,and whether the transferee qualifies as a‘‘successor.’’

5. To determine if expansions of grandfath-ered activities occurred in accordance with theAct.


1. If necessary, examine the subsidiarybank’s stock certificate book to determine whenthe company acquired 25 percent or more of thebank.2. Review the minute books and historical

financial records of the company and its subsid-iaries for evidence of the date of commence-ment of any nonbank activity and its continua-tion thereafter. In particular, the financial recordsshould reflect the activity’s impact as either anasset and/or an income item. From theserecords, also determine whether there has beenexpansion of the activity and whether such ex-pansion complies with the Act.3. If necessary, review the latest quarterly

Call Report of Condition for the subsidiary bankto determine whether total assets exceeded$60 million. If appropriate, advise managementthat its grandfather status is subject to review.4. If necessary, examine the stock certificate

records and minutes of the bank or BHC todetermine if the bank’s shares have been trans-ferred from one bank holding company to an-other in such a manner that the transferee quali-fies as a successor.5. Upon review of the aforementioned

records, discuss the status of the company’sgrandfather privileges with the Reserve Bank’smanagement, if necessary.6. If divestment is required, encourage its

execution as soon as possible during the divest-ment period. Request a divestment plan whichspecifies the manner by which divestment willbe accomplished, the specific steps necessary toeffect the divestment, and the time schedule fortaking such steps. Advise management that fail-ure to divest within the prescribed time periodwill be viewed as a violation of the Act.





Divestment of activitieswhich are temporarilygrandfathered

S-2346February 15,1977

Escrow agreements usedin divestiture

1976 FRB 151

Companies withtemporarily grandfatheredactivities encouraged tosubmit plans by June 30,1978

1977 FRB 962

Divestment policies 4(a)(2) 1977 FRB 263

Denial of grandfatherrights for activities whichwere shifted fromsubsidiary bank tononbank subsidiary

WhitneyHoldingCorporation,New Orleans,Louisiana;April 27, 1973

Denied continuedownership of a savingsand loan association,despite permanentgrandfather rights

D.H. BaldwinCompany,Cincinnati,Ohio;February 22,1977

Discussion of indefinitegrandfather rightsacquired through theindirect power to exercisea controlling influence

PatagoniaCorporation,Tucson,Arizona;February 24,1977

Denial of grandfatherrights on additional stockacquired after June 30,1968, for lack of acontrolling influence overthe subsidiary as of June30, 1968

PatagoniaCorporation,Tucson,Arizona;July 6, 1973

Successor rights Republic ofTexasCorporation,Dallas, Texas;October 25,1973




Interprets ‘‘Companycovered in 1970’’ and‘‘Successor’’

AmericanSecurityCorporation,Washington,D.C.; July 21,1976

Review of grandfatherrights as a result ofsubsidiary bank reaching$60 million in total assets

ColoradoFundingCompany,Denver,Colorado;September 9,1977

Review of grandfatherrights as a result ofsubsidiary bank reaching$60 million in totalassets—charitable trustinvolved

GeneralEducationFund, Inc.,Burlington,Vermont;September13, 1977

Companies going out ofbusiness are not goingconcerns

Senate Report90–1084,page 5524

Failing companies are notgoing concerns

1974 FRB 725

Ownership of less than 25percent of a nonbankingcompany represents aninvestment rather than asubsidiary

1973 FRB 539

Divestitures 225.138 and225.140

Extension of divestituredeadline for real estateinterests

MonetaryControlAct of1980Section701(b)

Delegation of authority toReserve Banks re:Indefinite Grandfatheredactivities

265.2(f)(42) 1981 FRB 856and 860




Activities and securitiesof new bank holdingcompanies

225.22(e)

Denial of a BHCacquisition—‘‘successor’’

1984 FRB 667

Acquisition of assets 225.132



2030.0.10 APPENDIX 1—EXPANSION OF GRANDFATHERED ACTIVITIES

Permissible Type of Expansion Without Approval Requires Approval

FOR COMPANIES WITH AN INDEFINITELYGRANDFATHERED NONBANK ACTIVITY

1. Opening of additional offices of existingsubsidiary X

2. Acquisition of assets in the ‘‘ordinarycourse of business’’ as defined X

3. Acquisition of a going concern:

a. Additional shares of the grandfatherednonbanking subsidiary X

b. Additional shares of a nonbankingcompany which is regarded as aninvestment (generally companies inwhich the holding company has aninterest of between 5 and 25 percent) X

c. Initial acquisition of shares of anyother company engaging in theactivity X



Commitments to the Federal ReserveSection 2040.0

Commitments to the Board arise most oftenthrough the application process. Many commit-ments are included within the text of accompa-nying Board orders or letters transmitted to theapplicants. Commitments can also arise throughthe supervisory process. Commitments shouldbe specific and furnished in written form.The most common type involves a commit-

ment to inject capital (either equity or debtcapital) into the company or subsidiary to beacquired or possibly into other subsidiaries ofthe bank holding company. The required injec-tions may be for a specific dollar amount or foran unspecified amount necessary to achieve apredetermined capital relationship. Determiningcompliance with such commitments is generallynot difficult since an agreed upon quantifiableresult must be achieved.Types of commitments made to the Board in

the past include: divestiture of nonpermissiblestock holdings or activities; introduction of newservices; and reduction or elimination of divi-dends or management fees from subsidiaries.Several of the above forms of commitments

are rather difficult to monitor due to their inex-act nature. The examiner should determine insuch cases whether good faith compliance ef-forts have been made. Where an order approv-ing an application imposes specific conditions,however, compliance is of the utmost impor-tance since a conditional order is based on thetheory that such conditions were necessary toeliminate or outweigh adverse factors. Willfulnoncompliance in these cases might necessitate

the use of cease-and-desist powers to preventevasion of the purposes of the Act. Pursuant tothe Board’s request, each Reserve Bank reportssemi-annually on the status of all outstandingcommitments made by holding companies in itsDistrict.


1. To determine that the bank holding com-pany is taking the necessary steps to fulfill anyoutstanding commitments as scheduled.2. To determine whether additional commit-

ments or conditions should be imposed toachieve complete compliance.3. To determine whether a request for an

extension of time to fulfill any outstanding com-mitment is warranted.


1. Review semi-annual commitment reportsto the Board for commitments fulfilled since thelast inspection. Determine whether such com-mitments were completed as required.2. Review with management any actions

taken to comply with outstanding commitmentsor plans to effect fulfillment.3. If warranted, initiate action to consider

an extension for compliance on outstandingcommitments.


Extensions of Credit to BHC OfficialsSection 2050.0


This section was updated to discuss amendmentsto the Federal Reserve Act regarding insiderlending. The definition of ‘‘extension of credit’’was revised to include an insured depositoryinstitution’s (IDI) credit exposure to a personarising from a derivative transaction, repurchaseagreement, reverse repurchase agreement, secu-rities lending transaction, or securities borrow-ing transaction. See the Federal Reserve Act,section 22(h)(9)(D)(i), as amended by theDodd-Frank Act, section 614(a).

The Federal Deposit Insurance Act wasamended to prohibit the purchase or sale ofassets between an IDI and an executive officer,director, or principal shareholder of the IDI,and any related interest of such person, unlessthe transaction is on market terms. In addition,if the asset purchase or sale represents morethan 10 percent of the IDI’s capital stock andsurplus, the transaction must be approved inadvance by a majority of the members of theboard of directors of the IDI who do not have aninterest in the transaction. See section 615(1) ofthe Dodd-Frank Act.

2050.0.1 BHC OFFICIAL ANDRELATED INTERESTTRANSACTIONS BETWEEN THEPARENT COMPANY OR ITSNONBANK SUBSIDIARIES

Business transactions between a parent bankholding company or its nonbank subsidiary anda BHC official or a BHC official’s related inter-ests require close supervisory review. ‘‘Bankholding company official’’ is defined as anydirector, executive officer, or principal share-holder of the parent company or any of itssubsidiaries, excluding the subsidiary bank’snonbank subsidiaries.

Most of these transactions are soundly struc-tured and have a legitimate business purposethat result in equitable treatment for all parties.However, examiners should pay close attentionto all extensions of credit by a BHC or itsnonbank subsidiary to a BHC official or relatedinterest to ensure that the terms of the credit,particularly interest-rate and collateral terms,are not preferential and that the credit does notinvolve more than a normal risk of repayment.

An extension of credit by a BHC or nonbanksubsidiary may be considered abusive or self-

serving if its terms are unfavorable to the lender,or if the credit would not have been extended onthe same terms absent the official relationship;that is, it would be improbable that each party tothe credit would have entered into the credittransaction under the same terms if the relation-ship did not exist. When a transaction appearsquestionable, a complete inquiry into the factsand circumstances should be undertaken so thata legal determination can be obtained.

In addition to the above supervisory consider-ations, the Sarbanes-Oxley Act of 2002 (Pub. L.No. 107-204) (the act) imposed certain insiderlending restrictions on public companies,including BHCs that are public companies. ABHC generally is considered a public companyfor these purposes if it has a class of securitiesregistered under section 12 of the SecuritiesExchange Act of 1934 (the 1934 act) or isrequired to file reports with the Securities andExchange Commission (SEC) under section 15of the 1934 act. The Sarbanes-Oxley Act1 pro-hibits a publicly owned BHC (public BHC) andits subsidiaries from extending credit, or arrang-ing for another entity to extend credit, in theform of a personal loan to any director or execu-tive officer of the public BHC.2 This prohibitiondoes not apply to any extension of credit madebefore July 30, 2002, so long as the loan is notrenewed or materially modified after that date.

The Sarbanes-Oxley Act includes two excep-tions to this loan prohibition. First and mostimportantly, the prohibition does not apply toany loan made by an insured depository institu-tion that is subject to the insider lending restric-tions of section 22(h) of the Federal ReserveAct, as implemented by the Board’s RegulationO. Thus, loans by the insured depository institu-tion subsidiaries of a public BHC to a directoror executive officer of the BHC likely areexempt from the prohibition, although theywould be subject to Regulation O as discussedbelow. The second exception permits the direc-tors and executive officers of a public BHC toobtain home improvement and manufacturedhome loans, consumer loans, and loans underopen-end credit plans or charge cards from thepublic BHC or its subsidiaries, so long as the

1. See 15 U.S.C. 78m (section 402 of the act).2. The act does not restrict lending by a subsidiary of a

public BHC to the subsidiary’s own directors and executiveofficers, so long as these persons are not also directors orexecutive officers of the public BHC.


credit (1) is extended in the ordinary course ofthe company’s consumer credit business, (2) is akind of credit generally made available to thepublic, and (3) is made on market terms or onterms that are no more favorable than thoseoffered to the general public.

2050.0.2 TRANSACTIONS INVOLVINGOTHER PROPERTYOR SERVICES

Other transactions involving BHC officials, theirrelated interests, and the BHC and nonbanksubsidiary that should be reviewed by the exam-iner include the—

1. purchase of assets or services from the BHCor nonbank subsidiary, particularly if at adiscount or on preferential terms;

2. sale of assets or services to the BHCor nonbank subsidiary, particularly if at apremium;

3. lease of property to or from the BHC ornonbank subsidiary; and

4. use of BHC or nonbank subsidiary propertyor personnel by a BHC official or relatedinterest.

As with loans and other extensions of creditto BHC officials on preferential terms, abusiveor self-serving insider transactions involvingother property or services deprive the BHC ornonbank subsidiary of higher returns or gainsthat may have been achieved had the sametransaction been at a fair market price. A fairmarket price would be that price charged orreceived from an unaffiliated party.

The Dodd-Frank Act amended the FederalDeposit Insurance Act (FDIA) to impose a pro-hibition on asset purchases and between an IDIand an executive officer, director, or principalshareholder of the IDI, and any related interestof such person, unless the transaction is onmarket terms. In addition, if the asset purchaseor sale represents more than 10 percent of theIDI’s capital stock and surplus, the transactionmust be approved in advance by a majority ofthe members of the board of directors of the IDIwho do not have an interest in the transaction.See section 18(z) of the FDIA, as amended bythe Dodd-Frank Act, section 615(a).

A fair market price is often difficult to deter-mine because the assets or services involved

may be unique to a given situation and individu-als. In general, the fair market price of evenunique assets or services can be approximatedby the cost of the assets or services to the partyselling or furnishing them, if appropriate. Thevalue of services or properties provided by aBHC or nonbank subsidiary should be estab-lished and justified either by policy or on acase-by-case basis, and appropriate documenta-tion should be available to the examiner.

Services provided by a BHC official or arelated interest to a BHC or nonbank subsidiary,while not unusual, may be most difficult tovalue. In part because of the problem of valua-tion, this type of transaction is among the mostsusceptible to abuse. The cost of providing ser-vices is frequently derived by placing value onthe time of the individuals providing the ser-vices. When services are provided by a BHCofficial who normally places a very high billingvalue on time provided, the benefits to the BHCmust be assessed in order to form a basis fordetermining a fair price. The BHC official maybe a highly regarded professional whose timeand services have great value to the organiza-tion. However, when the BHC requires routineclerical services, officials should not charge theBHC a professional-level rate for such services.Under these or similar circumstances, the BHCwould be considered imprudent in paying suchrates and could be subject to critical comment.

2050.0.3 REGULATION O

For ease of reference, certain Regulation O defi-nitions and limitations, as revised by the Fed-eral Deposit Insurance Corporation Improve-ment Act of 1991 (FDICIA), are presented here,some in abbreviated form. A thorough review ofthe entire regulation (found at FRRS 3–960),and the Board’s press releases pertaining toRegulation O, is necessary for a completeunderstanding of the regulation. (Note that sec-tion 108 of the Financial Institutions RegulatoryAct of 1978 amended section 18(j) of the Fed-eral Deposit Insurance Act to make section22(h) of the Federal Reserve Act applicable tononmember insured banks.)

Purpose of Regulation O. Regulation O gov-erns any extension of credit by a member bankand its subsidiaries (based on amendments con-tained in FDICIA, Regulation O also applies tononmember insured depository institutions) toan executive officer, director, or principal share-holder of (1) the member bank, (2) a bankholding company of which the member bank is

Extensions of Credit to BHC Officials 2050.0


a subsidiary, and (3) any other subsidiary of thatbank holding company. It also applies to anyextension of credit by a member bank to (1) acompany controlled by such a person and (2) apolitical or campaign committee that benefits oris controlled by such a person.

Supervision of BHCs and their nonbank sub-sidiaries. Regulation O deals exclusively withextensions of credit by banks and their subsidi-aries, not extensions of credit by BHCs and theirnonbank subsidiaries. However, because theregulations curtail or eliminate abusive transac-tions, they can be used as a guide or model inproviding standards for the supervisory reviewof extensions of credit by BHCs and nonbanksubsidiaries. Although a direct extension ofcredit by a BHC could not be determined to be aviolation of Regulation O, if the credit fails tomeet the requirements that Regulation O estab-lishes for banks, it may be possible to concludethat the BHC is engaging in either an unsafe orunsound practice that exposes the entire bankingorganization to undue risk and exposure to loss.Regulation O limits credit extensions by a bankto officials of that bank and their related inter-ests; therefore, examiners should be especiallyalert to credit extensions from BHCs and non-bank subsidiaries. If credit extensions appear tocircumvent the intent of Regulation O, theyshould be identified and discussed with manage-ment and noted in the inspection report forfollow-up review and possible formal correctiveaction by regulatory authorities.

2050.0.3.1 FDICIA and BHC InspectionGuidance for Regulation O

On April 22, 1992, the Board adopted amend-ments to Regulation O, effective May 18, 1992,to implement the changes required by section306 of FDICIA. Section 306 amended section22(h) of the Federal Reserve Act and replacedthe language of section 22(h) with the provi-sions of the Board’s Regulation O. Section 306also made several substantive modifications tosection 22(h) that required revisions to Regula-tion O. These changes are outlined in theBoard’s press release and Federal Registernotice of May 28, 1992 (57 Fed. Reg. 22,417).

The following are some of the more signifi-cant changes that were made effective May 18,1992:2a

1. Aggregate lending limit (section 215.4(d)).The aggregate limit on the total amount that abank can lend to its insiders and their relatedinterests as a class was changed. In general, thisamount is equal to the bank’s unimpaired capi-tal and unimpaired surplus. The Board alsodecided as a one-year interim measure to permitbanks with deposits under $100 million to adopta higher limit, not to exceed 200 percent of thebank’s unimpaired capital and unimpaired sur-plus. (This interim period was extended twiceby the Board, extending the higher limit throughFebruary 18, 1994, when the higher limitbecame permanent. The board of directors mustprovide an annual resolution authorizing the useof this higher limit. Other conditions also apply.)

2. Lending limits for directors and relatedinterests (section 215.4(c)). Loans to directors(and their related interests) are subject to thesame lending limit that is applicable to execu-tive officers and principal shareholders (andtheir related interests).

3. Credit standards (section 215.4(a)). Whenlending to an insider2b a bank must follow creditunderwriting procedures that are as stringent asthose applicable to comparable transactions bythe bank with persons outside the bank.

4. Definition of ‘‘principal shareholder’’ (sec-tion 215.2(m)(1)). The definition of principalshareholder was tightened for banks located insmall communities. The previously existing10 percent limitation was made applicable to allbanks, regardless of the size of the communitiesin which they were located.3

5. Definition of ‘‘member bank’’ (section215.2(j)). The term member bank was redefinedto include any subsidiary of the member bank.This revision clarified that an extension of creditfrom a subsidiary of a member bank is subject

2a. The Regulation O cites are to the February 18, 1994,amendment.

2b. The term insider refers to an executive officer, director,or principal shareholder, and includes any related interest ofsuch a person.

3. The Board amended the definition of principal share-holder of a member bank, effective December 17, 1992, sothat it does not include a company of which a member bank isa subsidiary. This amendment excludes from Regulation Oloans to a company that owns, controls, or exercises a control-ling influence over a member bank, as those relationships aredefined in section 2(d) of the Bank Holding Company Act, aswell as the related interests of such a parent bank holdingcompany. The definition of principal shareholder for pur-poses of reporting obligations under section 215.11 of Regula-tion O was not changed as a result of the Housing andCommunity Development Act of 1992 because those portionsof Regulation O implement provisions of law in addition tosection 22(h) of the Federal Reserve Act.



to the same insider restrictions as an extensionof credit from a member bank itself.

6. Coverage of all companies that own banks(section 215.2(b)). All companies that ownbanks became subject to Regulation O, regard-less of whether they are technically bank hold-ing companies.

7. Prohibition on knowingly receiving unau-thorized extensions of credit (section 215.6).Insiders are prohibited from knowingly receiv-ing (or permitting their related interests toreceive) any extension of credit not authorizedby section 22(h) of the Federal Reserve Act.

8. Reporting requirement for certain credit(section 215.12). Executive officers and direc-tors of member banks that do not have publiclytraded stock are required to report annually totheir institutions the outstanding amount ofany credit secured by shares of the insider’sinstitution.

In a February 18, 1994, press release, theFederal Reserve Board announced its approvalof a final rule that further amended severalprovisions of Regulation O, effective on thatdate. Some of the provisions carried out orfurther refined provisions of FDICIA. Theamendments were designed to increase the abil-ity of banks to make extensions of credit thatpose minimal risk of loss, to eliminate record-keeping requirements that impose a paperworkburden, and to remove certain transactions fromthe regulation’s coverage consistent with banksafety and soundness. The amendments wereexpected to increase the availability of credit,particularly in communities served by smallbanks. The following is a discussion of some ofthe rule’s primary provisions.

1. Aggregate lending limit—exception forsmall, adequately capitalized banks (section215.4(d)). This revision of Regulation O madepermanent an interim rule increasing the aggre-gate lending limit for small, adequately capital-ized banks from 100 percent of the bank’s unim-paired capital surplus to 200 percent, providedthe bank satisfies three conditional criteria.

2. Exceptions to the general limits on lend-ing (section 215.4(d)(3)). The Board adoptedcertain exceptions to the general restrictions onlending to insiders. The exceptions apply toloans fully secured by—

a. obligations of the United States or otherobligations fully guaranteed as to principal andinterest by the United States;

b. commitments or guarantees of a depart-

ment or agency of the United States; orc. a segregated deposit account with the

lending bank.An exception is also made for loans arising

from the discount of installment consumer paperby an insider with full or partial recourseendorsement or guarantee by the insider, if themaker of the paper is not an insider and theloan was made relying primarily on the makerand this is properly documented. Such loanscontinue to be subject to the prohibitions againstpreferential lending.

3. Including closing costs in the refinancingof home mortgage loans (section 215.5(c)(2)).Section 22(g) of the Federal Reserve Act allowsa bank to make a loan to its executive officer,without restrictions on the amount, if the loan issecured by a first lien on a dwelling that isowned and used by the executive officer as aresidence after the loan is made. The Board’samendment includes the refinancing of homemortgage loans in this category only if the pro-ceeds are used to pay off the previous homemortgage loan or for the other purposes listed inthis section. The regulation states that closingcosts can be included as part of the exemptportion of a home mortgage refinancing.

4. Alternative recordkeeping procedures(section 215.8). Banks are permitted to followalternative recordkeeping procedures on loansto insiders of affiliates. The amendment allows abank to decide on its own how to gather infor-mation on related interests, so long as its methodis effective. For example, a nonbank credit cardbank or other bank that does not make commer-cial loans could decide not to keep records onrelated interests. For banks that make commer-cial loans, one of two acceptable methods isrequired, unless a bank can demonstrate thatanother method is equally effective: (a) the ‘‘sur-vey’’ method or (b) the ‘‘borrower inquiry’’method. Every bank, regardless of the record-keeping method it selects, must conduct anannual survey to identify its own insiders, butnot those of its holding company affiliates.Every bank is expected to check this short listbefore extending credit, even if it is using theborrower-inquiry method of recordkeeping foraffiliates in lieu of the survey method.

5. Tangible-economic-benefit rule (section215.3(f)). This rule was similar to a provisionin section 23A of the Federal Reserve Actand was adopted at a time when the Board wasrequired by section 22(h) of the Federal ReserveAct to use the definition of ‘‘extension of credit’’found in section 23A. However, the definition ofextension of credit in section 22(h) is no longertied to section 23A. The Board has therefore



revised the tangible-economic-benefit rule toclarify that it does not reach certain transactionsthat may benefit an insider. The Board explicitlyprovided that the rule does not apply to anarm’s-length extension of credit by a bank to athird party where the proceeds of the credit areused to finance the bona fide acquisition ofproperty, goods, or services from an insider oran insider’s related interest.

2050.0.3.2 Definitions in Regulation O(abbreviated listing)

Note: Regulation O definitions, prohibitions,exceptions, and exemptions are particularlydetailed and complex. Therefore, inspection staffshould consult with Reserve Bank or Boardsupervisory or legal staff before discussing withmanagement or presenting in an inspectionreport any BHC inspection findings that relyupon Regulation O.

(a) ‘‘Affiliate’’ means any company of whicha member bank is a subsidiary or any othersubsidiary of that company.

(b) ‘‘Company’’ means any corporation, part-nership, trust (business or otherwise), associa-tion, joint venture, pool syndicate, sole propri-etorship, unincorporated organization, or anyother form of business entity. The term, how-ever, does not include (1) an insured bank (asdefined in 12 U.S.C. 1813) or (2) a corporationthe majority of the shares of which are ownedby the United States or by any state.

(c)(1) ‘‘Control of a company or bank’’means that a person directly or indirectly, oracting through or in concert with one or morepersons (i) owns, controls, or has the power tovote 25 percent or more of any class of votingsecurities of the company or bank; (ii) controlsin any manner the election of a majority of thedirectors of the company or bank; or (iii) has thepower to exercise a controlling influence overthe management or policies of the company orbank. (Note: If a company does not have votingsecurities (that is, a partnership), review thedegree of interest in the company to determinecontrol.)

(2) A person is presumed to have control,including the power to exercise a controllinginfluence over the management or policies, of acompany or bank if (i) the person is an execu-tive officer or director of the company or bankand directly or indirectly owns, controls, or hasthe power to vote more than 10 percent of anyclass of voting securities of the company orbank or (ii) the person directly or indirectlyowns, controls, or has the power to vote more

than 10 percent of any class of voting securi-ties of the company or bank, and no otherperson owns, controls, or has the power to votea greater percentage of that class of votingsecurities.

(3) An individual is not considered to havecontrol, including the power to exercise a con-trolling influence over the management or poli-cies, of a company or bank solely by virtue ofthe individual’s position as an officer or directorof the company or bank.

(d) ‘‘Director’’ of a company or bank meansany director of the company or bank, whether ornot receiving compensation.3a An advisorydirector is not considered a director if the advi-sory director (1) is not elected by the sharehold-ers of the bank or company, (2) is not authorizedto vote on matters before the board of directors,and (3) provides solely general policy advice tothe board of directors.

(e)(1) ‘‘Executive officer’’ of a company orbank means a person who participates or hasauthority to participate (other than in the capac-ity of a director) in major policymaking func-tions of the company or bank, whether or notthe officer has an official title; the title desig-nates the officer an assistant; or the officer isserving without salary or other compensation.4

3a. Extensions of credit to a director of an affiliate of abank are not subject to the general prohibitions (section215.4), the prohibitions on knowingly receiving unauthorizedextensions of credit (section 215.6), and the alternative record-keeping procedures (section 215.8) if—

(1) the director of the affiliate is excluded, by resolution ofthe board of directors or by the bylaws of the bank, fromparticipation in major policymaking functions of the bank,and the director does not actually participate in thosefunctions;

(2) the affiliate does not control the bank; and(3) as determined annually, the assets of the affiliate do not

constitute more than 10 percent of the consolidated assets ofthe company that controls the bank and is not controlled byany other company, and the director of the affiliate is nototherwise subject to sections 215.4, 215.6, and 215.8 ofRegulation O.

If the director of the affiliate is excluded, by resolution ofthe board of directors or by the bylaws of the bank, fromparticipation in major policymaking functions of the bank, aresolution of the board of directors or a corporate bylaw may(1) include the director (by name or by title) in a list ofpersons excluded from participation in such functions or(2) not include the director in a list of persons authorized (byname or by title) to participate in such functions.

4. The term ‘‘executive officer’’ is not intended to includepersons who may have official titles and may exercise acertain measure of discretion in the performance of theirduties, including discretion in the making of loans, but whodo not participate in determining major policies of the bank orcompany and whose decisions are limited by policy standardsfixed by the senior management of the bank or company. For



The chairman of the board, the president, everyvice president, the cashier, the secretary, and thetreasurer of a company or bank are consideredexecutive officers, unless the officer is excluded,by resolution of the board of directors or by thebylaws of the bank or company, from participa-tion (other than in the capacity of a director) inmajor policymaking functions of the bank orcompany, and the officer does not actually par-ticipate therein.

(2) Extensions of credit to an executiveofficer of an affiliate of a member bank (otherthan a company that controls the bank) are notsubject to sections 215.4, 215.6, and 215.8 ofRegulation O if—

(i) the executive officer of the affiliate isexcluded, by resolution of the board of directorsor by the bylaws of the bank, from participationin major policymaking functions of the bank,and the executive officer does not actually par-ticipate in those functions;

(ii) the affiliate does not control thebank; and

(iii) as determined annually, the assetsof the affiliate do not constitute more than10 percent of the consolidated assets of thecompany that controls the bank and is not con-trolled by any other company, and the execu-tive officer of the affiliate is not otherwisesubject to sections 215.4, 215.6, and 215.8 ofRegulation O.

If the executive officer of the affiliate isexcluded, by resolution of the board of directorsor by the bylaws of the bank, from participationin major policymaking functions of the bank, aresolution of the board of directors or a corpo-rate bylaw may (i) include the executive officer(by name or by title) in a list of personsexcluded from participation in such functions or(ii) not include the executive officer in a list ofpersons authorized (by name or by title) toparticipate in such functions.

(f) ‘‘Immediate family’’ means the spouse ofan individual, the individual’s minor children,and any of the individual’s children (includingadults) residing in the individual’s home.

(g) ‘‘Insider’’ means an executive officer,director, principal shareholder, and any relatedinterest of such person.

(h) The ‘‘lending limit’’ for a member bankis an amount equal to the limit on loans to a

single borrower established by section 5200 ofthe Revised Statutes,5 12 U.S.C. 84. Thisamount is 15 percent of the bank’s unimpairedcapital and unimpaired surplus in the case ofloans that are not fully secured, and an addi-tional 10 percent of the bank’s unimpaired capi-tal and unimpaired surplus in the case of loansthat are fully secured by readily marketablecollateral having a market value, as determinedby reliable and continuously available pricequotations, at least equal to the amount of theloan. The lending limit also includes any higheramounts that are permitted by section 5200 ofthe Revised Statutes for the types of obligationslisted therein as exceptions to the limit.

A member bank’s unimpaired capital andunimpaired surplus equals the (1) memberbank’s tier 1 and tier 2 capital included in thebank’s risk-based capital, under the capitalguidelines of the appropriate federal bankingagency, and (2) balance of the member bank’sallowance for loan and lease losses that was notincluded in the bank’s tier 2 capital. This com-putation is based on the bank’s risk-based capi-tal under the capital guidelines of the appropri-ate federal banking agency, based on the bank’smost recent consolidated report of conditionfiled under 12 U.S.C. 1817(a)(3).

(i) ‘‘Member bank’’ means any banking insti-tution that is a member of the Federal ReserveSystem, including any subsidiary of a memberbank. The term does not include any foreignbank that maintains a branch in the UnitedStates, whether or not the branch is insured(within the meaning of 12 U.S.C. 1813(s)) andregardless of the operation of 12 U.S.C. 1813(h)and 12 U.S.C. 1828(j)(3)(B).

(j) ‘‘Person’’ means an individual or acompany.

(k) ‘‘Principal shareholder’’ 6 means an individual or a company (other than an insuredbank) that directly or indirectly, or actingthrough or in concert with one or more persons,owns, controls, or has the power to vote morethan 10 percent of any class of voting securities

example, the term does not include a manager or assistantmanager of a branch of a bank unless that individual partici-pates, or is authorized to participate, in major policymakingfunctions of the bank or company.

5. Where state law establishes a lending limit for a statemember bank that is lower than the amount permitted insection 5200 of the Revised Statutes, the lending limit estab-lished by the applicable state laws shall be the lending limitfor the state member bank.

6. On October 28, 1992, in section 955 of the Housing andCommunity Development Act of 1992, Congress amendedsection 22(h) of the Federal Reserve Act to exclude from thedefinition of principal shareholder a company of which amember bank is a subsidiary. Regulation O was amended,effective December 17, 1992, to implement this change. As aresult of the amendment, extensions of credit by a bank to itsholding company and to any related interests of its subsidiaryare governed solely by sections 23A and 23B of the FederalReserve Act.



of a member bank or company. Shares owned orcontrolled by a member of an individual’simmediate family are considered to be held bythe individual. A principal shareholder of amember bank includes (1) a principal share-holder of a company of which the member bankis a subsidiary and (2) a principal shareholder ofany other subsidiary of that company, exclusiveof nonbank subsidiaries of member banks.

(l) ‘‘Related interest’’ means (1) a companythat is controlled by a person or (2) a political orcampaign committee that is controlled by a per-son or the funds or services of which will bene-fit a person.

(m) ‘‘Subsidiary’’ has the meaning given insection 2(d) of the BHC Act, but does notinclude a subsidiary of a member bank.

2050.0.3.2.1 Extension of Credit

For the purposes of Regulation O, an ‘‘exten-sion of credit’’ is

(a) a making or renewal of any loan, a grant-ing of a line of credit, or an extending ofcredit in any manner whatsoever andincludes:

(1) a purchase under repurchase agree-ment of securities, other assets, or obligations;

(2) an advance by means of an overdraft,cash item, or otherwise;

(3) issuance of a standby letter of credit(or other similar arrangement regardless of nameor description) or an ineligible acceptance;

(4) an acquisition by discount, purchase,exchange, or otherwise of any note, draft, bill ofexchange, or other evidence of indebtednessupon which an insider may be liable as maker,drawer, endorser, guarantor, or surety;

(5) an increase of an existing indebted-ness, but not if the additional funds areadvanced by the bank for its own protection for(i) accrued interest or (ii) taxes, insurance, orother expenses incidental to the existingindebtedness;

(6) an advance of unearned salary or otherunearned compensation for a period in excess of30 days; and

(7) any other similar transaction as a resultof which a person becomes obligated to paymoney (or its equivalent) to a bank, whetherthe obligation arises directly or indirectly, orbecause of an endorsement on an obligation orotherwise, or by any means whatsoever.

The Dodd-Frank Act added to the definition ofan ‘‘extension of credit’’ an insured depositoryinstitution’s (IDI) credit exposure to a personarising from a derivative transaction, repurchase

agreement, reverse repurchase agreement, secu-rities lending transaction, or securities borrowingtransaction.

An extension of credit does not include—(1) an advance against accrued salary or

other accrued compensation, or an advance forthe payment of authorized travel or otherexpenses incurred or to be incurred on behalfof the bank;

(2) a receipt by a bank of a check depos-ited in or delivered to the bank in the usualcourse of business unless it results in the carry-ing of a cash item for or the granting of anoverdraft (other than an inadvertent overdraft ina limited amount that is promptly repaid underterms that are not more favorable than thoseoffered to the general public).

(3) an acquisition of a note, draft, bill ofexchange, or other evidence of indebtednessthrough (i) a merger or consolidation of banksor a similar transaction by which a bankacquires assets and assumes liabilities of anotherbank or similar organization or (ii) foreclosureon collateral or similar proceeding for the pro-tection of the bank, provided that such indebted-ness is not held for a period of more than threeyears from the date of the acquisition, subject to


BHC Supervision Manual January 2013Page 6.1

extension by the appropriate federal bankingagency for good cause;

(4)(i) an endorsement or guarantee for theprotection of a bank of any loan or other assetpreviously acquired by the bank in good faith or(ii) any indebtedness to a bank for the purposeof protecting the bank against loss or of givingfinancial assistance to it;

(5) indebtedness of $15,000 or less arisingby reason of any general arrangement by whicha bank (i) acquires charge or time creditaccounts or (ii) makes payments to or on behalfof participants in a bank credit card plan, checkcredit plan, or similar open-end credit plan,provided—

(A) the indebtedness does not involveprior individual clearance or approval by thebank other than for the purposes of determiningauthority to participate in the arrangement andcompliance with any dollar limit under thearrangement, and

(B) the indebtedness is incurred underterms that are not more favorable than thoseoffered to the general public;

(6) indebtedness of $5,000 or less arisingby reason of an interest-bearing overdraft creditplan (see Regulation O, section 215.4(e)); or

(7) a discount of promissory notes, bills ofexchange, conditional sales contracts, or similarpaper, without recourse.

Non-interest-bearing deposits to the credit ofa bank are not considered loans, advances, orextensions of credit to the bank of deposit. Also,the giving of immediate credit to a bank uponcollected items received in the ordinary courseof business is not considered to be a loan,advance, or extension of credit to the depositingbank.

An extension of credit by a member bank (forthe purposes of section 215.4 of Regulation O)is considered to have been made at the time thebank enters into a binding commitment to makethe extension of credit. A participation withoutrecourse is considered to be an extension ofcredit by the participating bank, not by the origi-nating bank.

Tangible-economic-benefit rule. In general, anextension of credit is considered made to aninsider to the extent that the proceeds are trans-ferred to the insider or are used for the tangibleeconomic benefit of the insider. An extension ofcredit is not considered made to an insider if—

(1) the credit is extended on terms thatwould satisfy the standard set forth in section215.4(a) of Regulation O for extensions of creditto insiders and

(2) the proceeds of the extension of creditare used in a bona fide transaction to acquireproperty, goods, or services from the insider.

2050.0.3.2.2 Insider Use of aBank-Owned Credit Card

Board staff issued a May 22, 2006, legal opinionin response to an FDIC request for clarificationon the application of the Board’s Regulation O(12 CFR 215) to credit cards that are issued tobank insiders for the bank’s business purposes.7The FDIC asked whether, and under what cir-cumstances, an insider’s use of a bank-ownedcredit card would be deemed an extension ofcredit by the bank to the insider for purposes ofRegulation O.

The FDIC indicated that insiders of a bankoften use a bank-owned credit card to purchasegoods and services for the bank’s business pur-poses. A bank-owned credit card is a credit cardthat is issued by a third-party financial institu-tion to a bank to enable the bank (through itsemployees) to finance the purchase of goodsand services for the bank’s business. Board staffcommented that it was understood that (1) abank that provides a bank-owned credit card toits employees typically forbids or discouragesuse of the card by employees for their personalpurposes and that an employee who uses thecard for personal purposes is obligated topromptly reimburse the bank and (2) a bank isliable to the card-issuing institution for allextensions of credit made under the card(whether for the bank’s business purposes or foran employee’s personal purposes)8.

Although section 215.3(a) of Regulation Obroadly defines an extension of credit to include‘‘a making or renewal of a loan, a granting of aline of credit, or an extending of credit in anymanner whatsoever,’’ the rule also provides sev-eral important exceptions to the definition thatare relevant to the FDIC’s inquiry. Section215.3(b)(1) of Regulation O excludes from the

7. The provisions of Regulation O apply to a bank holdingcompany of which a member bank is a subsidiary, and anyother subsidiary of that bank holding company. (See2050.0.3.)

8. In the responding letter, Board legal staff notes that itwas understood that some banks directly issue credit cards totheir employees to enable the employees to finance the pur-chase of goods and services for the bank’s business (bank-issued credit cards). Also, the letter states that the principlesset forth with regard to bank-owned credit cards also wouldapply to bank-issued credit cards.



definition of extension of credit any advance bya bank to an insider for the payment of autho-rized or other expenses incurred or to beincurred on behalf of the bank. Also, section215.3(b)(5) of Regulation O excludes from thedefinition of extension of credit indebtedness ofup to $15,000 incurred by an insider with a bankunder an ordinary credit card.

Considering the provisions of Regulation Oand the purposes of the insider lending restric-tions in the Federal Reserve Act, Board legalstaff opined that a bank does not make an exten-sion of credit to an insider for purposes ofRegulation O at the time of issuance of a bank-owned credit card to the insider (regardless ofwhether the line of credit associated with thecard is greater than $15,000). The opinion statesalso that a bank does not extend credit to aninsider for the purposes of Regulation O whenthe insider uses the card to purchase goods orservices for the bank’s business purposes. How-ever, when an insider uses the card to purchasegoods or services for the insider’s personal pur-poses, the bank may be making an extension ofcredit to the insider. The opinion states that anextension of credit would occur for the purposesof Regulation O if—and to the extent that—theamount of outstanding personal charges made tothe card, when aggregated with all other indebt-edness of the insider that qualifies for the creditcard exception in section 215.3(b)(5) of Regula-tion O, exceeds $15,000.

The FDIC also asked whether incidental per-sonal expenses charged by an insider to a bank-owned credit card are per se violations of themarket-terms requirement in section 215.4(a) ofRegulation O because non-insiders do not haveaccess to this form of credit from the bank. Inresponse, Board staff stated that section 215.4(a)requires extensions of credit by a bank to itsinsiders to (1) be on substantially the sameterms (including interest rates and collateral) as,and subject to credit underwriting standards thatare not less stringent than, those prevailing atthe time for comparable transactions with non-insiders and (2) not involve more than the nor-mal risk of repayment or other features unfavor-able to the bank.

The opinion states that a bank may be able tosatisfy the market-terms requirement, however,if the bank approves an insider for use of abank-owned credit card only (1) if the insidermeets the bank’s normal credit underwritingstandards and (2) the card does not have prefer-ential terms (or the card does not have preferen-

tial terms in connection with uses of the card forpersonal purposes). Nonetheless, use of a bank-owned credit card by an insider for personalpurposes may violate the market- terms require-ment of Regulation O if the card carries a lowerinterest rate or permits a longer repaymentperiod than comparable consumer credit offeredby the bank.

The Board staff’s legal opinion applies onlyto the specific issues and circumstancesdescribed in the letter and does not address anyother issues or circumstances.

2050.0.3.3 General Prohibitions andLimitations of Regulation O

(a) Terms and creditworthiness. No memberbank may extend credit to any insider of thebank or insider of its affiliates unless the exten-sion of credit (1) is made on substantially thesame terms (including interest rates and collat-eral) as, and following credit-underwriting pro-cedures that are not less stringent than, thoseprevailing at the time for comparable transac-tions by the bank with other persons that are notcovered by Regulation O and who are notemployed by the bank and (2) does not involvemore than the normal risk of repayment orpresent other unfavorable features.

Nothing stated above (as to ‘‘terms and cred-itworthiness’’) should prohibit any extension ofcredit made in accordance with a benefit orcompensation program that—

1. is widely available to employees of themember bank, and in the case of extensions ofcredit to an insider of its affiliates, is widelyavailable to employees of the affiliates at whichthat person is an insider and

2. does not give preference to any insiderof the member bank over other employees of themember bank and, in the case of extensions ofcredit to an insider of its affiliates, does not givepreference to any insider of its affiliates overother employees of the affiliates of which thatperson is an insider.

(b) Prior approval. A member bank may notextend credit (including granting a line of credit)to any insider of the bank or insider of itsaffiliates in an amount that, when aggregatedwith the amount of all other extensions of creditto that person and to all related interests of thatperson, exceeds the higher of $25,000 or 5 per-cent of the member bank’s unimpaired capitaland unimpaired surplus, but in no event can itexceed $500,000. This provision applies unless(1) the extension of credit or line of credit hasbeen approved in advance by a majority of the



entire board of directors of that bank and (2) theinterested party has abstained from participatingdirectly or indirectly in the voting.

The board of directors’ approval is notrequired for an extension of credit that is madepursuant to a line of credit that was approved bythe board of directors within 14 months of thedate of the extension of credit. Participation inthe discussion, or any attempt to influence thevoting, by the board of directors regarding anextension of credit constitutes indirect participa-tion in the voting by the board of directors on anextension of credit.

(c) Individual lending limit. A member bankmay not extend credit to any insider of the bankor insider of its affiliates in an amount that,when aggregated with the amount of all otherextensions of credit by the member bank to thatperson and to all related interests of that person,exceeds the lending limit described above insection 2050.0.3.2 (paragraph h). This prohibi-tion does not apply to an extension of credit by amember bank to a company of which the mem-ber bank is a subsidiary or to any other subsidi-ary of that company.

(d) Aggregate lending limit.(1) General limit. A member bank may

not extend credit to any insider of the bank orinsider of its affiliates unless the extension ofcredit is in an amount that, when aggregatedwith all outstanding extensions of credit to allsuch insiders, would exceed the bank’s unim-paired capital and unimpaired surplus as definedin section 215.2(i) of Regulation O (see section2050.0.3.2, paragraph h).

(2) A member bank with deposits of lessthan $100,000,000 may, by an annual resolutionof its board of directors, increase the generallimit (specified above) to a level that does notexceed two times the bank’s unimpaired capitaland unimpaired surplus if the board of directorsdetermines that such higher limit is consistentwith prudent, safe, and sound banking practicesin light of the bank’s experience in lending to itsinsiders and is necessary to attract or retaindirectors or to prevent the restriction of theavailability of credit in small communities.

The board of directors’ resolution mustset forth the facts and reasoning on which itbases its finding, including the amount of thebank’s lending to its insiders as a percentage ofthe bank’s unimpaired capital and unimpairedsurplus as of the date of the resolution. In addi-tion, the bank must meet or exceed, on a fullyphased-in basis, all applicable capital require-ments established by the appropriate federalbanking agency. The bank would also have hadto receive a satisfactory composite rating in its

most recent bank examination report.If a member bank has adopted a resolu-

tion authorizing a higher limit and subsequentlyfails to meet the above-listed requirements, themember bank cannot extend any additionalcredit (including a renewal of any existingextension of credit) to any insider of the bank orits affiliates unless the extension or renewal isconsistent with the general limit.

(3) Exceptions to the general limit. Effec-tive May 3, 1993, the general limit, described inmanual section 2050.0.3.3 (paragraph d) andspecified in section 215.4(d)(1) of the Board’sRegulation O does not apply to—

(i) extensions of credit secured by a per-fected security interest in bonds, notes, certifi-cates of indebtedness, or Treasury bills of theUnited States or in other such obligations fullyguaranteed as to principal and interest by theUnited States;

(ii) extensions of credit to or secured byunconditional takeout commitments or guaran-tees of any department, agency, bureau, board,commission, or establishment of the UnitedStates or any corporation wholly owned directlyor indirectly by the United States;

(iii) extensions of credit secured by aperfected security interest in a segregateddeposit account in the lending bank; or

(iv) extensions of credit arising from thediscount of negotiable installment consumerpaper that is acquired from an insider andcarries a full or partial recourse endorsement orguarantee by the insider,9 provided that—

(A) the financial condition of eachmaker of such consumer paper is reasonablydocumented in the bank’s files or known to itsofficers;

(B) an officer of the bank designatedfor that purpose by the board of directors of thebank certifies in writing that the bank is relyingprimarily upon the responsibility of each makerfor the payment of the obligation and not uponany endorsement or guarantee by the insider;and

(C) the maker of the instrument is notan insider.

(e) Overdrafts. A member bank may not payan overdraft of an executive officer or directorof the bank10 on an account at the bank, unless

9. The exceptions to the aggregate lending limit pertainingto extensions of credit secured in the manner described above(i through iii) apply only to the amounts of such extensions ofcredit that are secured in such manner.

10. This prohibition does not apply to the payment by a



the payment of funds is made in accordancewith (1) a written, preauthorized, interest-bearing extension of credit plan that specifies amethod of repayment or (2) a written, preautho-rized transfer of funds from another account ofthe account holder at the bank.

The prohibition above does not apply topayment of inadvertent overdrafts on an accountin an aggregate amount of $1,000 or less, pro-vided (1) the account is not overdrawn for morethan five business days and (2) the memberbank charges the executive officer or directorthe same fee charged any other customer of thebank in similar circumstances.11

2050.0.3.4 Additional Restrictionson Loans to Executive Officersof Member Banks

The following restrictions on extensions ofcredit by a member bank to any of its executiveofficers are in addition to any restrictions onextensions of credit by a member bank to insid-ers of itself or its affiliates. The restrictionslisted below apply only to the executive officersof the member bank and not to the executiveofficers of its affiliates.

A member bank may not extend credit to anyof its executive officers, and no executive officerof a member bank can borrow from or otherwisebecome indebted to the bank, except in theamounts, for the purposes, and upon the condi-tions specified in items 3 and 4 below.

A member bank is authorized to extend creditto any executive officer of the bank—

(1) in any amount to finance the education ofthe executive officer’s children;

(2) in any amount to finance or refinancethe purchase, construction, maintenance, orimprovement of a residence of the executiveofficer, provided—

(i) the extension of credit is secured by afirst lien on the residence and the residence is

owned (or expected to be owned after the exten-sion of credit) by the executive officer; and

(ii) in the case of refinancing, that only theamount used to repay the original extension ofcredit, together with the closing costs of therefinancing, and any additional amount thereofused for any of the purposes enumerated initem 2 above, are included within this categoryof credit;

(3) in any amount, if the extension of creditis secured in a manner described in the firstthree exceptions to the general limit of theaggregate lending limit (see section 2050.0.3.3,paragraph d, subparagraphs i to iii); and

(4) for any other purpose (not specified initems 1 through 3 above), if the aggregateamount of loans to that executive officer doesnot exceed, at any one time, the higher of2.5 percent of the bank’s unimpaired capital andunimpaired surplus or $25,000, but in no eventmore than $100,000.

Any extension of credit by a member bank toany of its executive officers must be—

(1) promptly reported to the member bank’sboard of directors,

(2) in compliance with the general prohibi-tions of section 215.4 of Regulation O (manualsection 2050.0.3.3),

(3) preceded by the submission of a currentdetailed financial statement of the executiveofficer, and

(4) made subject to the condition in writingthat the extension of credit will, at the option ofthe member bank, become due and payable atany time that the officer is indebted to any otherbank or banks in an aggregate amount greaterthan the amount specified for a category ofcredit that may be made available by a memberbank to any of its executive officers.

No member bank may extend credit in anaggregate amount greater than the amount per-mitted for general-purpose loans to an executiveofficer (section 215.5(c)(4) of Regulation O) toa partnership in which one or more of the bank’sexecutive officers are partners and, either indi-vidually or together, hold a majority interest.The total amount of credit extended by a mem-ber bank to such partnership is considered to beextended to each executive officer of the mem-ber bank who is a member of the partnership.

Prohibition on knowingly receiving unautho-rized extensions of credit. Insiders are prohib-ited from knowingly receiving (or permittingtheir related interests to receive) any extensionsof credit not authorized by section 22(h) of theFederal Reserve Act and by Regulation O.

member bank of an overdraft of a principal shareholder of themember bank, unless the principal shareholder is also anexecutive officer or director. This prohibition also does notapply to the payment by a member bank of an overdraft of arelated interest of an executive officer, director, or principalshareholder of the member bank.

11. The requirement that the member bank charge theexecutive officer or director the same fee charged any othercustomer of the bank in similar circumstances does not pro-hibit the member bank from charging a fee provided for in abenefit or compensation program that satisfies the require-ments detailed in section 2050.0.3.3, item (a).



2050.0.3.5 Grandfathering Provisions

(a) Under FDICIA. FDICIA provided thatthe amendments to Regulation O would notaffect extensions of credit entered into on orbefore the effective date of the regulation.Therefore, extensions of credit, including linesof credit, made on or before May 18, 1992,are not required to comply with either theindividual-borrower limit made applicable todirectors and their related interests, or with theaggregate limit on all loans to insiders. Allextensions of credit, loan renewals, and loanrollovers made after May 18, 1992, must com-ply with all of the provisions of Regulation O.In other words, banks cannot make new loans orrenew outstanding extensions of credit inamounts that, when aggregated with all otheroutstanding loans to insiders, would exceedeither of the new limits.

(b) Extensions of credit outstanding onMarch 10, 1979. Any extension of credit thatwas outstanding on March 10, 1979, and thatwould have, if made on or after March 10, 1979,violated the individual lending limit, had to bereduced in amount by March 10, 1980, to be incompliance with the aggregate lending limit ofRegulation O. Any renewal or extension of sucha credit extension on or after March 10, 1979,must have been made only on terms that wouldhave brought it into compliance with the aggre-gate lending limit by March 10, 1980. However,any extension of credit made before March 10,1979, that bears a specific maturity date ofMarch 10, 1980, or later, had to be repaid inaccordance with the repayment schedule inexistence on or before March 10, 1979.

2050.0.3.6 Reports by Executive Officers

Each executive officer of a member bank whobecomes indebted to any other bank or banks inan aggregate amount greater than the amountspecified for a category of credit in section215.5(c) of Regulation O (manual section2050.0.3.4) must make a written report to theboard of directors of the officer’s bank within10 days of the date the indebtedness reachessuch a level. The report must state the lender’sname, the date and amount of each extension ofcredit, any security for it, and the purposes forwhich the proceeds have been or are to be used.

Report on credit secured by BHC stock. Inaddition to the report required above, eachexecutive officer or director of a member bankthe shares of which are not publicly traded mustreport annually to the bank’s board of directors

the outstanding amount of any credit that wasextended to the executive officer or director thatis secured by shares of the member bank. (Seealso Regulation Y section 225.4(f) for the iden-tical restriction on executive officers and direc-tors of a bank holding company with loanssecured by shares of the bank holding company.)

2050.0.3.7 Report on Creditto Executive Officers

Each member bank must include with (but notas part of) each report of condition (and copythereof) filed pursuant to 12 U.S.C. 1817(a)(3) areport of all extensions of credit made by themember bank to its executive officers since thedate of the bank’s previous report of condition.

2050.0.3.8 Disclosure of Credit fromMember Banks to Executive Officers andPrincipal Shareholders

(a) Definitions. For the purposes of this sec-tion, the following definitions apply:

(1) ‘‘Principal shareholder of a memberbank’’ means a person (individual or a com-pany), other than an insured bank, or branch orrepresentative office of a foreign bank as definedin 12 U.S.C. 3101(7)12 that, directly or indi-rectly, or acting through or in concert with oneor more persons, owns, controls, or has power tovote more than 10 percent of any class of votingsecurities of the member bank or company. Theterm includes an individual or company thatcontrols a principal shareholder (for example, aperson that controls a bank holding company).Shares of a bank (including a foreign bank),bank holding company, or other companyowned or controlled by a member of an indi-vidual’s immediate family are considered to beheld or controlled by the individual for thepurposes of determining principal shareholderstatus.13

12. A foreign bank means any company organized underthe laws of a foreign country, a territory of the United States,Puerto Rico, Guam, American Samoa, or the Virgin Islandsthat engages in the business of banking, or any subsidiary oraffiliate, organized under such laws, of any such company.This includes foreign commercial banks, foreign merchantbanks, and other foreign institutions that engage in bankingactivities usual in connection with the business of banking inthe countries where such foreign institutions are organized oroperating.

13. See footnote 3.



(2) ‘‘Related interest’’ means (i) any com-pany controlled by a person; or (ii) any politicalor campaign committee the funds or services ofwhich will benefit a person or that is controlledby a person. A related interest does not includea bank or a foreign bank (as defined in 12 U.S.C.3101(7)).

(b) Public disclosure. Upon receipt of a writ-ten request from the public, a member bankshall make available the names of each of itsexecutive officers (with the exception of anyexecutive officer of a bank holding company ofwhich the member bank is a subsidiary or of anyother subsidiary of that bank holding companyunless the executive officer is also an executiveofficer of the member bank) and each of itsprincipal shareholders to whom, or to whoserelated interests, the member bank had outstand-ing at the end of the latest previous quarter ofthe year, an extension of credit that, when aggre-gated with all other outstanding extensions ofcredit at that time from the member bank tosuch person and to all related interests of suchperson, equaled or exceeded 5 percent of themember bank’s capital and unimpaired surplusor $500,000, whichever amount is less. No dis-closure under this paragraph is required if theaggregate amount of all extensions of creditoutstanding at that time from the member bankto the executive officer or principal shareholderof the member bank and to all related interestsof such a person does not exceed $25,000.

A member bank is not required to disclosethe specific amounts of individual extensions ofcredit.

(c) Maintaining records. Each member bankis required to maintain records of all requestsfor the information described above and thedisposition of the requests. These records maybe disposed of two years after the date of therequest.

2050.0.3.9 Civil Penalties ofRegulation O

Any member bank, or any officer, director,employee, agent, or other person participating inthe conduct of the affairs of the bank, thatviolates any provision of Regulation O is sub-ject to a civil penalty, as specified in section 29of the Federal Reserve Act.

2050.0.3.10 Records of Member Banks(and BHCs)

To help inspection and examination personnelidentify BHC officials, Regulation O requireseach member bank to maintain records neces-sary to monitor compliance with this regulation.BHCs and nonbank subsidiaries should begiven access to the records identifying ‘‘bankofficials.’’ Each state member bank is requiredto (1) identify, through an annual survey, allinsiders of the bank itself; and (2) maintainrecords of all extensions of credit to insiders ofthe bank itself, including the amount and termsof each such extension of credit.

2050.0.3.10.1 Recordkeeping for Insidersof the Member Bank’s Affiliates

A member bank is required to maintain recordsof extensions of credit to insiders of the memberbank’s affiliates by—

(1) a ‘‘survey’’ method, which identifies,through an annual survey, each of the insiders ofthe member bank’s affiliates. Under the surveymethod, the member bank must maintainrecords of the amount and terms of each exten-sion of credit by the member bank to suchinsiders or

(2) a ‘‘borrower inquiry’’ method, whichrequires, as part of each extension of credit, theborrower to indicate whether the borrower is aninsider of an affiliate of the member bank.Under this method, the member bank mustmaintain records that identify the amount andterms of each extension of credit by the memberbank to borrowers so identifying themselves.

Alternative recordkeeping method for insid-ers of affiliates. A member bank may use arecordkeeping method other than those identi-fied above if the appropriate federal bankingagency determines that the bank’s method is atleast as effective.

2050.0.3.10.2 Special Rule forNoncommercial Lenders

A member bank that is prohibited by law or byan express resolution of the bank’s board ofdirectors from making an extension of credit toany company, or other entity that is covered byRegulation O as a company, is not required tomaintain any records of the related interests ofthe insiders of the bank or its affiliates. Thebank is also not required to inquire of borrowers



whether they are related interests of the insidersof the bank or its affiliates.

2050.0.3.11 Section 23A Ramifications

Loans to a holding company parent and itsaffiliates are governed by section 23A of theFederal Reserve Act and are not subject toRegulation O.

2050.0.4 REMEDIAL ACTION

Self-serving and abusive transactions deprive aBHC of opportunities and benefits that mayotherwise have been available and may strip aBHC of its ability to serve as a source of finan-cial and managerial strength to its subsidiarybanks. Even if not extended on preferentialterms, self-serving loans and other extensions ofcredit to insiders may be an imprudent businesspractice and may reduce the lender’s liquidity orotherwise overextend the BHC. In such situa-tions, formal or informal remedial measures bythe Federal Reserve may be necessary. Formalenforcement action is provided for in the 1974amendments to the Financial Institutions Super-visory Act of 1966 (12 U.S.C. 1818), whichgrant the Board authority to issue cease-and-desist orders in appropriate situations. For com-plete details on formal corrective actions, seesection 2110.0.


1. To determine if any transactions betweenBHC officials, their related interests, and theBHC or its nonbank subsidiaries are basedon preferential treatment.

2. To determine if any transactions betweenBHC officials, their related interests, and theBHC or its nonbank subsidiaries result inany undue loss exposure to the BHC or itssubsidiaries.

3. To determine if any BHC or nonbankextension of credit to a BHC official orrelated interest is in the spirit of RegulationO’s requirements or whether it is an attemptto circumvent Regulation O’s prohibition onvarious bank extensions of credit to similarparties.

4. To determine that BHC officials are aware ofRegulation O’s limitations and prohibitionsand have established internal policies andprocedures for the bank subsidiaries toensure compliance by the banks.

5. To determine that the BHC has arranged tomake available, upon request, a listing orsome other form of information sufficient toidentify all ‘‘BHC officials’’ and to makecertain that such information is available tothe bank subsidiaries in particular.


1. Review the balance sheets and other recordsof the parent-only and nonbank subsidiariesto determine if there are any loans or otherextensions of credit to BHC officials.

2. Review the income statements and support-ing records of the parent-only and nonbanksubsidiaries to determine if any interestincome, other income, or expense is associ-ated with a transaction with a BHC official ora related interest.

3. Ask management to identify all suchtransactions and to provide supportingdocumentation.

4. Review management’s familiarity withRegulation O’s limitations and the steps theyhave taken to establish policies for the inter-nal administration of their subsidiary banks’extensions of credit to BHC officials.

5. Review any information prepared by man-agement that presents a listing of all BHCofficials and their related interests.

6. Review any corporate resolutions declaringan individual not to be an ‘‘executive officer’’for purposes of Regulation O and, if neces-sary, confirm the individual’s nonparticipa-tion in the formulation of corporate policy.

7. As the provision of Regulation O apply tothe BHC and its subsidiaries, determine ifthe BHC provides employees or other insid-ers with extensions of credit, including BHC-owned or BHC-issued credit cards. Find outif any of the credit cards are used to conductthe BHC’s business.a. Verify that the BHC has a written policy

that forbids or discourages an employeeor other insider from using a BHC-ownedor BHC-issued credit card for the insid-er’s personal purposes and that the policyobligates the insider to promptly makereimbursement to the BHC.

b. Determine the BHC’s compliance withRegulation O regarding its extensions ofcredit (including BHC-owned or BHC-issued credit card loans) to insiders.



Verify that the BHC monitors the amountof personal charges outstanding on itsBHC-owned or BHC-issued credit cardsthat are held by insiders so that the out-standing charges, when aggregated withall of an insider’s other indebtednessowed to the BHC, do not exceed $15,000.

c. Verify the BHC’s compliance with themarket-terms requirement of RegulationO. Determine if—

• the BHC requires employees and otherinsiders who have extensions of credit,

or use BHC-owned or BHC-issuedcredit cards for personal purposes, tomeet the BHC’s normal credit under-writing standards and

• the BHC has verified that the insiders’extensions of credit (or BHC-ownedor BHC-issued credit cards) do nothave more preferential terms (forexample, a lower interest rate or alonger repayment period) than the con-sumer credit cards offered by the BHC.



Loans and extensionsof credit to executiveofficers, directors, andprincipal shareholders

375a and375b(sections 22(g)and 22(h) ofF.R. Act)

215.4215.5(Reg. O)

Granting of below-market interest ratemortgage loans toexecutives of BHCsubsidiaries ascompensation

1972(2) 4–5143–1094

Restrictions onloans to insidersof a bank or itscorrespondentbank

1972 (2)

Board staff interpretationon the use of bank-owned or bank-issuedcredit cards by bankinsiders

3–1081.5





Management Information Systems(General) Section 2060.0

Management Information Systems refers to thepolicies and operating procedures, includingsystems of internal control, that the board ofdirectors of a bank holding company initiates tomonitor and ensure control of its operations andactivities, while maintaining and improving thefinancial strength and objectives of the overallorganization. These policies should focus on theoverall organizational structure with respect toidentifying, monitoring, and managing risks.Subsequent sections of the manual focus on theessential elements of various management infor-mation systems. Included are inspection objec-

tives and procedures to be used by FederalReserve Bank examiners when conductinginspections of bank holding companies.

See 2060.05 Internal Audit Functionand Its Outsourcing

2060.1 Audit2060.2 Budget2060.3 Records and Statements2060.4 Reporting2060.5 Insurance5052.0 Targeted MIS Inspection


Policy Statement on the Internal Audit Function and ItsOutsourcing (Management Information Systems) Section 2060.05


Effective January 2014, this section was revisedto include new and revised inspection objectivesand inspection procedures for both the 2003interagency guidance, ‘‘Policy Statement on theInternal Audit Function and its Outsourcing,’’and the January 23, 2013, Federal Reserve‘‘Supplemental Policy Statement on InternalAudit Function and its Outsourcing.’’ Refer toSR-03-5 and SR 13-1/CA 13-1 and Manual sec-tion 2060.07.

2060.05.01 AN EFFECTIVE SYSTEMOF INTERNAL CONTROLS

Effective internal control1 is a foundation for thesafe and sound operation of a financial institu-tion (institution).2 The board of directors andsenior management of an institution are respon-sible for ensuring that the system of internalcontrol operates effectively. Their responsibilitycannot be delegated to others within the institu-tion or to outside parties. An important elementin assessing the effectiveness of the internalcontrol system is an internal audit function.When properly structured and conducted, inter-nal audit provides directors and senior manage-ment with vital information about weaknesses in

the system of internal control so that manage-ment can take prompt, remedial action. Thefederal banking agencies’ 3 (agencies) long-standing inspection policies call for examinersto review an institution’s internal audit functionand recommend improvements, if needed. Inaddition, pursuant to section 39 of the FederalDeposit Insurance Act (FDI Act) (12 U.S.C.1831p-1), the agencies have adopted Inter-agency Guidelines Establishing Standards forSafety and Soundness that apply to insureddepository institutions.4 Under these guidelinesand policies, each institution should have aninternal audit function that is appropriate to itssize and the nature and scope of its activities.

In addressing various quality and resourceissues, many institutions have been engagingindependent public accounting firms and otheroutside professionals (outsourcing vendors) inrecent years to perform work that traditionallyhas been done by internal auditors. Thesearrangements are often called ‘‘internal auditoutsourcing,’’ ‘‘internal audit assistance,’’ ‘‘auditco-sourcing,’’ and ‘‘extended audit services’’(hereafter, collectively referred to as outsourc-ing). Typical outsourcing arrangements aremore fully illustrated in part II below.

Outsourcing may be beneficial to an institu-tion if it is properly structured, carefully con-ducted, and prudently managed. However, theagencies have concerns that the structure, scope,and management of some internal audit out-sourcing arrangements do not contribute to theinstitution’s safety and soundness. Furthermore,the agencies want to ensure that these arrange-ments with outsourcing vendors do not leavedirectors and senior management with the erro-neous impression that they have been relievedof their responsibility for maintaining an effec-tive system of internal control and for oversee-ing the internal audit function.

The Sarbanes-Oxley Act of 2002 (the act)became law on July 30, 2002.5 The act addressesweaknesses in corporate governance and the

1. In summary, internal control is a process designed to

provide reasonable assurance that the institution will achieve

the following internal control objectives: efficient and effec-

tive operations, including safeguarding of assets; reliable

financial reporting; and compliance with applicable laws and

regulations. Internal control consists of five components that

are a part of the management process: control environment,

risk assessment, control activities, information and communi-

cation, and monitoring activities. The effective functioning of

these components, which is brought about by an institution’s

board of directors, management, and other personnel, is essen-

tial to achieving the internal control objectives. This descrip-

tion of internal control is consistent with the Committee of

Sponsoring Organizations of the Treadway Commission

(COSO) report Internal Control—Integrated Framework. In

addition, under the COSO framework, financial reporting is

defined in terms of published financial statements, which, for

purposes of this policy statement, encompass both financial

statements prepared in accordance with generally accepted

accounting principles and regulatory reports (such as the

Reports of Condition and Income). Institutions are encour-

aged to evaluate their internal control against the COSO

framework.

2. The term ‘‘institution’’ includes depository institutions

insured by the Federal Deposit Insurance Corporation (FDIC),

U.S. financial holding companies and bank holding companies

supervised by the Federal Reserve System, thrift holding

companies supervised by the Office of Thrift Supervision

(OTS), and the U.S. operations of foreign banking

organizations.

3. The Board of Governors of the Federal Reserve System

(FRS), Federal Deposit Insurance Corporation (FDIC), Office

of the Comptroller of the Currency (OCC), and Office of

Thrift Supervision (OTS).

4. For national banks, appendix A to part 30; for state

member banks, appendix D-1 to part 208; for insured state

nonmember banks and insured state-licensed branches of for-

eign banks, appendix A to part 364; for savings associations,

appendix A to part 570.

5. Pub. L. No. 107-204.


accounting and auditing professions, andincludes provisions addressing audits, financialreporting and disclosure, conflicts of interest,and corporate governance at publicly ownedcompanies. The act, among other things,requires public companies to have an audit com-mittee composed entirely of independent direc-tors. Public banking organizations that are listedon the New York Stock Exchange (NYSE) andNasdaq must also comply with those exchanges’listing requirements, which include audit com-mittee requirements.

The act also established a Public CompanyAccounting Oversight Board (PCAOB) that hasthe authority to set and enforce auditing, attesta-tion, quality control, and ethics (including inde-pendence) standards for auditors of public com-panies, subject to SEC review. (See SR-02-20.)Accounting firms that conduct audits of publiccompanies (i.e., registered accounting firms)must register with the PCAOB and be subject toits supervision. The PCAOB is also empoweredto inspect the auditing operations of publicaccounting firms that audit public companies, aswell as impose disciplinary and remedial sanc-tions for violations of its rules, securities laws,and professional auditing and accountingstandards.

[Sections 2060.05.02–2060.05.04 arereserved.]

2060.05.05 APPLICATION OF THESARBANES-OXLEY ACT TONONPUBLIC BANKINGORGANIZATIONS

In May 2003, the Federal Reserve, the Office ofthe Comptroller of the Currency, and the Officeof Thrift Supervision announced that they didnot expect to take actions to apply the corporate-governance and other requirements of theSarbanes-Oxley Act generally to nonpublicbanking organizations that are not otherwisesubject to them. 5a (See SR-03-08.) The agen-cies, however, encouraged nonpublic bankingorganizations to periodically review their poli-cies and procedures relating to corporate-

governance and auditing matters. This reviewshould ensure that such policies and proceduresare consistent with applicable law, regulations,and supervisory guidance and remain appropri-ate in light of the organization’s size, opera-tions, and resources. Furthermore, the agenciesstated that a banking organization’s policies andprocedures for corporate governance, internalcontrols, and auditing will be assessed duringthe supervisory process, and the agencies maytake appropriate supervisory action if thereare deficiencies or weaknesses in these areasthat are inconsistent with sound corporate-governance practices or safety-and-soundnessconsiderations.

2060.05.06 INTERAGENCY POLICYSTATEMENT ON THE INTERNALAUDIT FUNCTION AND ITSOUTSOURCING

The Federal Reserve and other federal bankingagencies 6 adopted on March 17, 2003, an inter-agency policy statement addressing the internalaudit function and its outsourcing (See SR03-5). The policy statement revises and replacesthe former 1997 policy statement and incorpo-rates recent developments in internal auditing.In addition, the revised policy incorporates guid-ance on the independence of accountants whoprovide institutions with both internal and exter-nal audit services in light of the Sarbanes-OxleyAct of 2002 and associated SEC rules. (See alsosections 2124.0.2.4, 2060.1, 3230.0.10.2.5,5010.7, and 5030.0 [page 7] pertaining to inter-nal and external audits.)

The act prohibits an accounting firm fromacting as the external auditor of a public com-pany during the same period that the firm pro-vides internal audit services to the company.The policy statement discusses the applicabilityof this prohibition to institutions that are publiccompanies, insured depository institutions withassets of $500 million or more that are subjectto the annual audit and reporting requirementsof section 36 of the Federal Deposit InsuranceAct, and also nonpublic institutions that are notsubject to section 36.

5a. As discussed below, some aspects of the auditor-

independence rules established by the Sarbanes-Oxley Act

apply to all federally insured depository institutions with $500

million or more in total assets. See part 363 of the FDIC’s

regulations.

6. The FDIC, OCC, and OTS.

Policy Statement on the Internal Audit Function and Its Outsourcing 2060.05


2060.05.1 INTERNAL AUDITFUNCTION (PART I)

2060.05.1.1 Director and SeniorManagement Responsibilities for InternalAudit

The board of directors and senior managementare responsible for having an effective system ofinternal control and an effective internal auditfunction in place at their institution. They arealso responsible for ensuring that the impor-tance of internal control is understood andrespected throughout the institution. This over-all responsibility cannot be delegated to anyoneelse. They may, however, delegate the design,implementation, and monitoring of specificinternal controls to lower-level management andthe testing and assessment of internal controls toothers. Accordingly, directors and senior man-agement should have reasonable assurance thatthe system of internal control prevents or detectssignificant inaccurate, incomplete, or unautho-rized transactions; deficiencies in the safeguard-ing of assets; unreliable financial reporting(which includes regulatory reporting); anddeviations from laws, regulations, and the insti-tution’s policies.7

Some institutions have chosen to rely onso-called management self-assessments or con-trol self-assessments, wherein business-linemanagers and their staff evaluate the perfor-mance of internal controls within their purview.Such reviews help to underscore management’sresponsibility for internal control, but they arenot impartial. Directors and members of seniormanagement who rely too much on thesereviews may not learn of control weaknessesuntil they have become costly problems, particu-larly if directors are not intimately familiar withthe institution’s operations. Therefore, institu-tions generally should also have their internal

controls tested and evaluated by units withoutbusiness-line responsibilities, such as internalaudit groups.

Directors should be confident that the internalaudit function addresses the risks and meets thedemands posed by the institution’s current andplanned activities. To accomplish this objective,directors should consider whether their institu-tion’s internal audit activities are conducted inaccordance with professional standards, such asthe Institute of Internal Auditors’ (IIA) Stan-

dards for the Professional Practice of Internal

Auditing. These standards address indepen-dence, professional proficiency, scope of work,performance of audit work, management ofinternal audit, and quality-assurance reviews.Furthermore, directors and senior managementshould ensure that the following matters arereflected in their institution’s internal auditfunction.

2060.05.1.1.1 Internal Audit Placementand Structure Within the Organization

Careful thought should be given to the place-ment of the audit function in the institution’smanagement structure. The internal audit func-tion should be positioned so that the board hasconfidence that the internal audit function willperform its duties with impartiality and not beunduly influenced by managers of day-to-dayoperations. The audit committee,8 using objec-tive criteria it has established, should overseethe internal audit function and evaluate its per-

7. As noted above, under section 36 of the FDI Act, asimplemented by part 363 of the FDIC’s regulations (12 C.F.R.363), FDIC-insured depository institutions with total assets of$500 million or more must submit an annual managementreport signed by the chief executive officer (CEO) and chiefaccounting or chief financial officer. This report must containthe following: (1) a statement of management’s responsibili-ties for preparing the institution’s annual financial statements,for establishing and maintaining an adequate internal controlstructure and procedures for financial reporting, and for com-plying with designated laws and regulations relating to safetyand soundness, including management’s assessment of theinstitution’s compliance with those laws and regulations; and(2) for an institution with total assets of $1 billion or more atthe beginning of the institution’s most recent fiscal year, thereport should include an assessment by management of theeffectiveness of such internal control structure and proceduresas of the end of such fiscal year. (See 12 C.F.R. 363.2(b) and70 Fed. Reg. 71,232, November 28, 2005.)

8. Depository institutions subject to section 36 of the FDIAct and part 363 of the FDIC’s regulations must maintain anindependent audit committee (i.e., consisting of directors whoare not members of management). For institutions withbetween $500 million and $1 billion in assets, only a majority,rather than all, of the members of the audit committee—whomust be outside directors—must be independent of manage-ment. For insured institutions having total assets of more than$3 billion, the audit committee must (1) have members withbanking or related financial management expertise, (2) haveaccess to outside legal counsel, and (3) not include any largecustomers of the institution. The audit committee also may berequired to satisfy other audit committee membership criteria(see 12 U.S.C. 831m(g)(1)(c) and section 363.5(b)(12 C.F.R.363.5(b)). Consistent with the 1999 Interagency Policy State-ment on External Auditing Programs of Banks and SavingsAssociations, the agencies also encourage the board of direc-tors of each depository institution that is not otherwiserequired to do so to establish an audit committee consistingentirely of outside directors. Where the term ‘‘audit commit-tee’’ is used in this policy statement, the board of directorsmay fulfill the audit committee responsibilities if the institu-tion is not subject to an audit committee requirement.



formance.9 The audit committee should assignresponsibility for the internal audit function to amember of management (that is, the manager ofinternal audit or internal audit manager) whounderstands the function and has no responsibil-ity for operating the system of internal control.The ideal organizational arrangement is for thismanager to report directly and solely to theaudit committee regarding both audit issues andadministrative matters (e.g., resources, budget,appraisals, and compensation). Institutions areencouraged to consider the IIA’s Practice Advi-

sory 2060-2: Relationship with the Audit Com-

mittee, which provides more guidance on theroles and relationships between the audit com-mittee and the internal audit manager.

Many institutions place the manager of inter-nal audit under a dual reporting arrangement:functionally accountable to the audit committeeon issues discovered by the internal audit func-tion, while reporting to another senior manageron administrative matters. Under a dual report-ing relationship, the board should consider thepotential for diminished objectivity on the partof the internal audit manager with respect toaudits concerning the executive to whom he orshe reports. For example, a manager of internalaudit who reports to the chief financial officer(CFO) for performance appraisal, salary, andapproval of department budgets may approachaudits of the accounting and treasury operationscontrolled by the CFO with less objectivity thanif the manager were to report to the chief execu-tive officer. Thus, the chief financial officer,controller, or other similar officer should ideallybe excluded from overseeing the internal auditactivities even in a dual role. The objectivityand organizational stature of the internal auditfunction are best served under such a dualarrangement if the internal audit managerreports administratively to the CEO.

Some institutions seek to coordinate the inter-nal audit function with several risk-monitoringfunctions (for example, loan review, market-riskassessment, and legal compliance departments)by establishing an administrative arrangementunder one senior executive. Coordination ofthese other monitoring activities with the inter-nal audit function can facilitate the reporting ofmaterial risk and control issues to the auditcommittee, increase the overall effectiveness of

these monitoring functions, better use availableresources, and enhance the institution’s abilityto comprehensively manage risk. Such anadministrative reporting relationship should bedesigned so as to not interfere with or hinder themanager of internal audit’s functional reportingto and ability to directly communicate with theinstitution’s audit committee. In addition, theaudit committee should ensure that efforts tocoordinate these monitoring functions do notresult in the manager of internal audit conduct-ing control activities nor diminish hisor her independence with respect to the otherrisk-monitoring functions. Furthermore, theinternal audit manager should have the ability toindependently audit these other monitoringfunctions.

In structuring the reporting hierarchy, theboard should weigh the risk of diminished inde-pendence against the benefit of reduced admin-istrative burden in adopting a dual reportingorganizational structure. The audit committeeshould document its consideration of this riskand mitigating controls. The IIA’s Practice

Advisory 1110-2: Chief Audit Executive Report-

ing Lines provides additional guidance regard-ing functional and administrative reportinglines.

2060.05.1.1.2 Internal AuditManagement, Staffing, and Audit Quality

In managing the internal audit function, themanager of internal audit is responsible for con-trol risk assessments, audit plans, audit pro-grams, and audit reports.

1. A control risk assessment (or risk-assessmentmethodology) documents the internal audi-tor’s understanding of the institution’s sig-nificant business activities and their associ-ated risks. These assessments typicallyanalyze the risks inherent in a given businessline, the mitigating control processes, and theresulting residual risk exposure of the institu-tion. They should be updated regularly toreflect changes to the system of internal con-trol or work processes and to incorporatenew lines of business.

2. An internal audit plan is based on the controlrisk assessment and typically includes a sum-mary of key internal controls within eachsignificant business activity, the timing andfrequency of planned internal audit work,and a resource budget.

3. An internal audit program describes theobjectives of the audit work and lists the

9. For example, the performance criteria could include thetimeliness of each completed audit, comparison of overallperformance to plan, and other measures.



procedures that will be performed duringeach internal audit review.

4. An audit report generally presents the pur-pose, scope, and results of the audit, includ-ing findings, conclusions, and recommenda-tions. Workpapers that document the workperformed and support the audit reportshould be maintained.

Ideally, the internal audit function’s only roleshould be to independently and objectivelyevaluate and report on the effectiveness of aninstitution’s risk-management, control, and gov-ernance processes. Internal auditors increas-ingly have taken a consulting role within institu-tions on new products and services and onmergers, acquisitions, and other corporate reor-ganizations. This role typically includes helpingdesign controls and participating in the imple-mentation of changes to the institution’s controlactivities. The audit committee, in its oversightof the internal audit staff, should ensure that thefunction’s consulting activities do not interfereor conflict with the objectivity it should havewith respect to monitoring the institution’s sys-tem of internal control. In order to maintain itsindependence, the internal audit function shouldnot assume a business-line management roleover control activities, such as approving orimplementing operating policies or procedures,including those it has helped design in connec-tion with its consulting activities. The agenciesencourage internal auditors to follow the IIA’sstandards, including guidance related to theinternal audit function acting in an advisorycapacity.

The internal audit function should be compe-tently supervised and staffed by people withsufficient expertise and resources to identify therisks inherent in the institution’s operations andassess whether internal controls are effective.The manager of internal audit should overseethe staff assigned to perform the internal auditwork and should establish policies and proce-dures to guide the audit staff. The form andcontent of these policies and procedures shouldbe consistent with the size and complexity ofthe department and the institution. Many poli-cies and procedures may be communicatedinformally in small internal audit departments,while larger departments would normallyrequire more formal and comprehensive writtenguidance.

2060.05.1.1.3 Internal Audit Frequencyand Scope

The frequency and extent of internal auditreview and testing should be consistent with thenature, complexity, and risk of the institution’son- and off-balance-sheet activities. At leastannually, the audit committee should review andapprove internal audit’s control risk assessmentand the scope of the audit plan, including howmuch the manager relies on the work of anoutsourcing vendor. It should also periodicallyreview internal audit’s adherence to the auditplan. The audit committee should considerrequests for expansion of basic internal auditwork when significant issues arise or when sig-nificant changes occur in the institution’s envi-ronment, structure, activities, risk exposures, orsystems.10

2060.05.1.1.4 Communication of InternalAudit Findings to the Directors, AuditCommittee, and Management

To properly carry out their responsibility forinternal control, directors and senior manage-ment should foster forthright communicationsand critical inspection of issues to better under-stand the importance and severity of internalcontrol weaknesses identified by the internalauditor and operating management’s solutions

10. Major changes in an institution’s environment andconditions may compel changes to the internal control systemand also warrant additional internal audit work. These include(1) new management; (2) areas or activities experiencingrapid growth or rapid decline; (3) new lines of business,products, or technologies or disposals thereof; (4) corporaterestructurings, mergers, and acquisitions; and (5) expansionor acquisition of foreign operations (including the impactof changes in the related economic and regulatoryenvironments).


BHC Supervision Manual July 2008Page 4.1

to these weaknesses. Internal auditors shouldreport internal control deficiencies to the appro-priate level of management as soon as they areidentified. Significant matters should bepromptly reported directly to the board of direc-tors (or its audit committee) and senior manage-ment. In periodic meetings with managementand the manager of internal audit, the auditcommittee should assess whether managementis expeditiously resolving internal control weak-nesses and other exceptions. Moreover, the auditcommittee should give the manager of internalaudit the opportunity to discuss his or her find-ings without management being present.

Furthermore, each audit committee shouldestablish and maintain procedures for employ-ees of their institution to submit confidentiallyand anonymously concerns to the committeeabout questionable accounting, internal account-ing control, or auditing matters.11 In addition,the audit committee should set up proceduresfor the timely investigation of complaintsreceived and the retention for a reasonable timeperiod of documentation concerning the com-plaint and its subsequent resolution.

2060.05.1.1.5 Contingency Planning

As with any other function, the institutionshould have a contingency plan to mitigate anysignificant discontinuity in audit coverage, par-ticularly for high-risk areas. Lack of contin-gency planning for continuing internal auditcoverage may increase the institution’s level ofoperational risk.

2060.05.1.2 U.S. Operations of ForeignBanking Organizations

The internal audit function of a foreign bankingorganization (FBO) should cover its U.S. opera-tions in its risk assessments, audit plans, andaudit programs. Its U.S.-domiciled audit func-tion, head-office internal audit staff, or somecombination thereof normally performs theinternal audit of the U.S. operations. Internalaudit findings (including internal control defi-ciencies) should be reported to the senior man-agement of the U.S. operations of the FBO andthe audit department of the head office. Signifi-cant adverse findings also should be reported tothe head office’s senior management and theboard of directors or its audit committee.

2060.05.1.3 Internal Audit Systems andthe Audit Function for Small FinancialInstitutions

An effective system of internal control and anindependent internal audit function form thefoundation for safe and sound operations,regardless of an institution’s size. Each institu-tion should have an internal audit function thatis appropriate to its size and the nature andscope of its activities. The procedures assignedto this function should include adequate testingand review of internal controls and informationsystems.

It is the responsibility of the audit committeeand management to carefully consider the extentof auditing that will effectively monitor theinternal control system after taking into accountthe internal audit function’s costs and benefits.For institutions that are large or have complexoperations, the benefits derived from a full-timemanager of internal audit or an auditing stafflikely outweigh the cost. For small institutionswith few employees and less complex opera-tions, however, these costs may outweigh thebenefits. Nevertheless, a small institution with-out an internal auditor can ensure that it main-tains an objective internal audit function byimplementing a comprehensive set of indepen-dent reviews of significant internal controls. Thekey characteristic of such reviews is that theperson(s) directing and/or performing the reviewof internal controls is not also responsible formanaging or operating those controls. A personwho is competent in evaluating a system ofinternal control should design the review proce-dures and arrange for their implementation. Theperson responsible for reviewing the system ofinternal control should report findings directlyto the audit committee. The audit committeeshould evaluate the findings and ensure thatsenior management has or will take appropriateaction to correct the control deficiencies.

2060.05.2 INTERNAL AUDITOUTSOURCING ARRANGEMENTS(PART II)

2060.05.2.1 Examples of Internal AuditOutsourcing Arrangements

An outsourcing arrangement is a contractbetween an institution and an outsourcing ven-dor to provide internal audit services. Outsourc-

11. Where the board of directors fulfills the audit commit-tee responsibilities, the procedures should provide for thesubmission of employee concerns to an outside director.


BHC Supervision Manual June 2003Page 5

ing arrangements take many forms and are usedby institutions of all sizes. Some institutionsconsider entering into these arrangements toenhance the quality of their control environmentby obtaining the services of a vendor with theknowledge and skills to critically assess, andrecommend improvements to, their internal con-trol systems. The internal audit services undercontract can be limited to helping internal auditstaff in an assignment for which they lack exper-tise. Such an arrangement is typically under thecontrol of the institution’s manager of internalaudit, and the outsourcing vendor reports to himor her. Institutions often use outsourcing ven-dors for audits of areas requiring more technicalexpertise, such as electronic data processing andcapital-markets activities. Such uses are oftenreferred to as ‘‘internal audit assistance’’ or‘‘audit co-sourcing.’’

Some outsourcing arrangements may requirean outsourcing vendor to perform virtually allthe procedures or tests of the system of internalcontrol. Under such an arrangement, a desig-nated manager of internal audit oversees theactivities of the outsourcing vendor and typi-cally is supported by internal audit staff. Theoutsourcing vendor may assist the audit staff indetermining risks to be reviewed and may rec-ommend testing procedures, but the internalaudit manager is responsible for approving theaudit scope, plan, and procedures to be per-formed. Furthermore, the internal audit manageris responsible for the results of the outsourcedaudit work, including findings, conclusions, andrecommendations. The outsourcing vendor mayreport these results jointly with the internal auditmanager to the audit committee.

2060.05.2.2 Additional Inspection andExamination Considerations for InternalAudit Outsourcing Arrangements

Even when outsourcing vendors provide inter-nal audit services, the board of directors andsenior management of an institution are respon-sible for ensuring that both the system of inter-nal control and the internal audit function oper-ate effectively. In any outsourced internal auditarrangement, the institution’s board of directorsand senior management must maintain owner-ship of the internal audit function and provideactive oversight of outsourced activities. Whennegotiating the outsourcing arrangement with anoutsourcing vendor, an institution should care-

fully consider its current and anticipated busi-ness risks in setting each party’s internal auditresponsibilities. The outsourcing arrangementshould not increase the risk that a breakdown ofinternal control will go undetected.

To clearly distinguish its duties from those ofthe outsourcing vendor, the institution shouldhave a written contract, often taking the form ofan engagement letter.12 Contracts between theinstitution and the vendor typically include pro-visions that—

1. define the expectations and responsibilitiesunder the contract for both parties;

2. set the scope and frequency of, and the feesto be paid for, the work to be performed bythe vendor;

3. set the responsibilities for providing andreceiving information, such as the type andfrequency of reporting to senior manage-ment and directors about the status of con-tract work;

4. establish the process for changing the termsof the service contract, especially for expan-sion of audit work if significant issues arefound, and stipulations for default and ter-mination of the contract;

5. state that internal audit reports are the prop-erty of the institution, that the institutionwill be provided with any copies of therelated workpapers it deems necessary, andthat employees authorized by the institutionwill have reasonable and timely access tothe workpapers prepared by the outsourcingvendor;

6. specify the locations of internal auditreports and the related workpapers;

7. specify the period of time (for example,seven years) that vendors must maintain theworkpapers;13

8. state that outsourced internal audit servicesprovided by the vendor are subject to regu-latory review and that examiners will begranted full and timely access to the inter-nal audit reports and related workpapersprepared by the outsourcing vendor;

12. The engagement letter provisions described are compa-rable to those outlined by the American Institute of CertifiedPublic Accountants (AICPA) for financial statement audits(see AICPA Professional Standards, AU section 310). Theseprovisions are consistent with the provisions customarilyincluded in contracts for other outsourcing arrangements,such as those involving data processing and information tech-nology. Therefore, the federal banking agencies consider theseprovisions to be usual and customary business practices.

13. If the workpapers are in electronic format, contractsoften call for the vendor to maintain proprietary software thatenables the bank and examiners to access the electronicworkpapers for a specified time period.



9. prescribe a process (arbitration, mediation,or other means) for resolving disputes andfor determining who bears the cost of con-sequential damages arising from errors,omissions, and negligence; and

10. state that the outsourcing vendor will notperform management functions, make man-agement decisions, or act or appear to actin a capacity equivalent to that of a memberof management or an employee and, ifapplicable, will comply with AICPA,SEC, PCAOB, or regulatory independenceguidance.

2060.05.2.2.1 Management of theOutsourced Internal Audit Function

Directors and senior management should ensurethat the outsourced internal audit function iscompetently managed. For example, larger insti-tutions should employ sufficient competent staffmembers in the internal audit department toassist the manager of internal audit in oversee-ing the outsourcing vendor. Small institutionsthat do not employ a full-time audit managershould appoint a competent employee who ide-ally has no managerial responsibility for theareas being audited to oversee the outsourcingvendor’s performance under the contract. Thisperson should report directly to the audit com-mittee for purposes of communicating internalaudit issues.

2060.05.2.2.2 Communication ofOutsourced Internal Audit Findings toDirectors and Senior Management

Communication between the internal audit func-tion and the audit committee and senior manage-ment should not diminish because the institutionengages an outsourcing vendor. All work by theoutsourcing vendor should be well documentedand all findings of control weaknesses should bepromptly reported to the institution’s managerof internal audit. Decisions not to report theoutsourcing vendor’s findings to directors andsenior management should be the mutual deci-sion of the internal audit manager and the out-sourcing vendor. In deciding what issues shouldbe brought to the board’s attention, the conceptof ‘‘materiality,’’ as the term is used in financialstatement audits, is generally not a good indica-tor of which control weakness to report. Forexample, when evaluating an institution’s com-pliance with laws and regulations, any excep-tion may be important.

2060.05.2.2.3 Competence of OutsourcedInternal Audit Vendor

Before entering an outsourcing arrangement, theinstitution should perform due diligence to sat-isfy itself that the outsourcing vendor has suffi-cient staff qualified to perform the contractedwork. The staff’s qualifications may be demon-strated, for example, through prior experiencewith financial institutions. Because the outsourc-ing arrangement is a personal-services contract,the institution’s internal audit manager shouldhave confidence in the competence of the staffassigned by the outsourcing vendor and receivetimely notice of key staffing changes. Through-out the outsourcing arrangement, managementshould ensure that the outsourcing vendor main-tains sufficient expertise to effectively performits contractual obligations.

2060.05.2.2.4 Contingency Planning toAvoid Discontinuity of Internal AuditCoverage

When an institution enters into an outsourcingarrangement (or significantly changes the mix ofinternal and external resources used by internalaudit), it may increase its operational risk.Because the arrangement may be terminatedsuddenly, the institution should have a contin-gency plan to mitigate any significant disconti-nuity in audit coverage, particularly for high-risk areas.

2060.05.3 INDEPENDENCE OF THEINDEPENDENT PUBLICACCOUNTANT (PART III)

The following discussion applies only when a

financial institution is considering using a pub-

lic accountant to provide both external audit

and internal audit services to the institution.

When one accounting firm performs both theexternal audit and the outsourced internal auditfunction, the firm risks compromising its inde-pendence. These concerns arise because, ratherthan having two separate functions, this out-sourcing arrangement places the independentpublic accounting firm in the position of appear-ing to audit, or actually auditing, its own work.For example, in auditing an institution’s finan-cial statements, the accounting firm will con-sider the extent to which it may rely on the



internal control system, including the internalaudit function, in designing audit procedures.

2060.05.3.1 Applicability of the SEC’sAuditor Independence Requirements

2060.05.3.1.1 Institutions That Are PublicCompanies

To strengthen auditor independence, Congresspassed the Sarbanes-Oxley Act of 2002 (theact). Title II of the act applies to any publiccompany—that is, any company that has a classof securities registered with the SEC or theappropriate federal banking agency under sec-tion 12 of the Securities Exchange Act of 1934or that is required to file reports with the SECunder section 15(d) of that act.14 The act prohib-its an accounting firm from acting as the exter-nal auditor of a public company during the sameperiod that the firm provides internal audit out-sourcing services to the company.15 In addition,if a public company’s external auditor will beproviding auditing services and permissible non-audit services, such as tax services, the compa-ny’s audit committee must preapprove each ofthese services.

According to the SEC’s final rules (effectiveMay 6, 2003) implementing the act’s nonauditservice prohibitions and audit committee preap-proval requirements, an accountant is not inde-pendent if, at any point during the audit andprofessional engagement period, the accountantprovides internal audit outsourcing or other pro-

hibited nonaudit services to the public companyaudit client. The SEC’s final rules generallybecome effective May 6, 2003, although a one-year transition period is provided if the accoun-tant is performing prohibited nonaudit servicesand actual audit services for a public companypursuant to a contract in existence on May 6,2003. The services provided during this transi-tion period, however, must not have impairedthe auditor’s independence under the preexist-ing independence requirements of the SEC, theIndependence Standards Board, and the AICPA.Although the SEC’s pre-Sarbanes-Oxley inde-pendence requirements (issued November 2000(effective August 2002)) did not prohibit theoutsourcing of internal audit services to a publiccompany’s independent public accountant, theydid place conditions and limitations on internalaudit outsourcing.

2060.05.3.1.2 Depository InstitutionsSubject to the Annual Audit andReporting Requirements of Section 36 ofthe FDI Act

Under section 36, as implemented by part 363of the FDIC’s regulations, each FDIC-insureddepository institution with total assets of$500 million or more is required to have anannual audit performed by an independent pub-lic accountant.16 The part 363 guidelines addressthe qualifications of an independent publicaccountant engaged by such an institution bystating that ‘‘[t]he independent public accoun-tant should also be in compliance with theAICPA’s Code of Professional Conduct andmeet the independence requirements and inter-pretations of the SEC and its staff.’’ 17

Thus, the guidelines provide for each FDIC-insured depository institution with $500 millionor more in total assets, whether or not it is apublic company, and its external auditor to com-ply with the SEC’s auditor independencerequirements that are in effect during the periodcovered by the audit. These requirementsinclude the nonaudit-service prohibitions andaudit committee preapproval requirementsimplemented by the SEC’s January 2003 audi-tor independence rules, once the rules come intoeffect.18

14. 15 U.S.C. 78l and 78o(d).15. In addition to prohibiting internal audit outsourcing,

the Sarbanes-Oxley Act (15 U.S.C. 78j-1) also identifies othernonaudit services that an external auditor is prohibited fromproviding to a public company whose financial statements itaudits. The legislative history of the act indicates that threebroad principles should be considered when determiningwhether an auditor should be prohibited from providing anonaudit service to an audit client. These principles are that anauditor should not (1) audit his or her own work, (2) performmanagement functions for the client, or (3) serve in an advo-cacy role for the client. To do so would impair the auditor’sindependence. Based on these three broad principles, the othernonaudit services . . . referred to in this section . . . that anauditor is prohibited from providing to a public companyaudit client include bookkeeping or other services related tothe client’s accounting records or financial statements; finan-cial information systems design and implementation; appraisalor valuation services, fairness opinions, or contribution-in-kind reports; actuarial services; management functions orhuman resources; broker or dealer, investment adviser, orinvestment banking services; legal services and expert ser-vices unrelated to the audit; and any other service determinedto be impermissible by the PCAOB.

16. 12 C.F.R. 363.3(a). (See FDIC Financial InstitutionsLetter, FIL-17-2003 (Corporate Governance, Audits, andReporting Requirements), Attachment II, March 5, 2003.)

17. Appendix A to part 363, Guidelines and Interpreta-tions, paragraph 14, Independence.

18. If a depository institution subject to section 36 andpart 363 satisfies the annual independent audit requirement byrelying on the independent audit of its parent holding com-



2060.05.3.1.3 Institutions Not Subject toSection 36 of the FDI Act That AreNeither Public Companies NorSubsidiaries of Public Companies

The agencies have long encouraged each institu-tion not subject to section 36 of the FDI Act thatis neither a public company nor a subsidiary of apublic company 19 to have its financial state-ments audited by an independent public accoun-tant.20 The agencies also encourage each suchinstitution to follow the internal audit outsourc-ing prohibition in the Sarbanes-Oxley Act, asdiscussed above for institutions that are publiccompanies. As previously mentioned, someinstitutions seek to enhance the quality of theircontrol environment by obtaining the services ofan outsourcing vendor who can critically assesstheir internal control system and recommendimprovements. The agencies believe that a smallnonpublic institution with less complex opera-tions and limited staff can, in certain circum-stances, use the same accounting firm to per-form both an external audit and some or all ofthe institution’s internal audit activities. Thesecircumstances include, but are not limited to,situations where—

1. splitting the audit activities poses significantcosts or burden,

2. persons with the appropriate specializedknowledge and skills are difficult to locateand obtain,

3. the institution is closely held and investorsare not solely reliant on the audited financialstatements to understand the financial posi-tion and performance of the institution, and

4. the outsourced internal audit services are lim-ited in either scope or frequency.

In circumstances such as these, the agenciesview an internal audit outsourcing arrangementbetween a small nonpublic institution and itsexternal auditor as not being inconsistent with

their safety-and-soundness objectives for theinstitution.

When a small nonpublic institution decides tohire the same firm to perform internal and exter-nal audit work, the audit committee and theexternal auditor should pay particular attentionto preserving the independence of both the inter-nal and external audit functions. Furthermore,the audit committee should document both thatit has preapproved the internal audit outsourcingto its external auditor and has considered theindependence issues associated with thisarrangement.21 In this regard, the audit commit-tee should consider the independence standardsdescribed in parts I and II of the policy state-ment, the AICPA guidance discussed below,and the broad principles that the auditor shouldnot perform management functions or serve inan advocacy role for the client.

Accordingly, the agencies will not consideran auditor who performs internal audit outsourc-ing services for a small nonpublic audit client tobe independent unless the institution and itsauditor have adequately addressed the associ-ated independence issues. In addition, the insti-tution’s board of directors and managementmust retain ownership of and accountability forthe internal audit function and provide activeoversight of the outsourced internal auditrelationship.

A small nonpublic institution may be requiredby another law or regulation, an order, oranother supervisory action to have its financialstatements audited by an independent publicaccountant. In this situation, if warranted forsafety-and-soundness reasons, the institution’sprimary federal regulator may require that theinstitution and its independent public accountantcomply with the auditor independence require-ments of the Act.22

2060.05.3.1.4 AICPA Guidance

As noted above, the independent public accoun-tant for a depository institution subject to sec-tion 36 of the FDI Act also should be in compli-ance with the AICPA’s Code of ProfessionalConduct. This code includes professional ethicsstandards, rules, and interpretations that are

pany, once the SEC’s January 2003 regulations prohibiting anexternal auditor from performing internal audit outsourcingservices for an audit client take effect May 6, 2003, or May 6,2004, depending on the circumstances, the holding company’sexternal auditor cannot perform internal audit outsourcingwork for that holding company or the subsidiary institution.

19. FDIC-insured depository institutions with less than$500 million in total assets are not subject to section 36 of theFDI Act. Section 36 does not apply directly to holding compa-nies, but it provides that, for an insured depository institutionthat is a subsidiary of a holding company, its audited financialstatements requirement and certain of its other requirementsmay be satisfied by the holding company.

20. See, for example, the 1999 Interagency Policy State-ment on External Auditing Programs of Banks and SavingsInstitutions.

21. If a small nonpublic institution is considering havingits external auditor perform other nonaudit services, its auditcommittee may wish to discuss the implications of the perfor-mance of these services on the auditor’s independence.

22. 15 U.S.C. 78j-1.



binding on all certified public accountants(CPAs) who are members of the AICPA in orderfor the member to remain in good standing.Therefore, this code applies to each memberCPA who provides audit services to an institu-tion, regardless of whether the institution issubject to section 36 or is a public company.

The AICPA has issued guidance indicatingthat a member CPA would be deemed not inde-pendent of his or her client when the CPA actsor appears to act in a capacity equivalent to amember of the client’s management or as aclient employee. The AICPA’s guidanceincludes illustrations of activities that would beconsidered to compromise a CPA’s indepen-dence. Among these are activities that involvethe CPA authorizing, executing, or consummat-ing transactions or otherwise exercising author-ity on behalf of the client. For additional details,refer to Interpretation 101-3, Performance ofOther Services, and Interpretation 101-13,Extended Audit Services, in the AICPA’s Codeof Professional Conduct.

2060.05.4 INSPECTION GUIDANCE(PART IV)

2060.05.4.1 Review of the Internal AuditFunction and Outsourcing Arrangements

Examiners should have full and timely access toan institution’s internal audit resources, includ-ing personnel, workpapers, risk assessments,work plans, programs, reports, and budgets. Adelay may require examiners to widen the scopeof their inspection work and may subject theinstitution to follow-up supervisory actions.

Examiners should assess the quality andscope of an institution’s internal audit function,regardless of whether it is performed by theinstitution’s employees or by an outsourcingvendor. Specifically, examiners should considerwhether—

1. the internal audit function’s control riskassessment, audit plans, and audit programsare appropriate for the institution’sactivities;

2. the internal audit activities have been ad-justed for significant changes in the institu-tion’s environment, structure, activities, riskexposures, or systems;

3. the internal audit activities are consistentwith the long-range goals and strategic

direction of the institution and are respon-sive to its internal control needs;

4. the audit committee promotes the internalaudit manager’s impartiality and indepen-dence by having him or her directly reportaudit findings to it;

5. the internal audit manager is placed in themanagement structure in such a way thatthe independence of the function is notimpaired;

6. the institution has promptly responded tosignificant identified internal controlweaknesses;

7. the internal audit function is adequatelymanaged to ensure that audit plans are met,programs are carried out, and results ofaudits are promptly communicated to seniormanagement and members of the auditcommittee and board of directors;

8. workpapers adequately document the inter-nal audit work performed and support theaudit reports;

9. management and the board of directors usereasonable standards, such as the IIA’sStandards for the Professional Practice ofInternal Auditing, when assessing the per-formance of internal audit; and

10. the audit function provides high-qualityadvice and counsel to management and theboard of directors on current developmentsin risk management, internal control, andregulatory compliance.

The examiner should assess the competenceof the institution’s internal audit staff and man-agement by considering the education, profes-sional background, and experience of the princi-pal internal auditors. In addition, whenreviewing outsourcing arrangements, examinersshould determine whether—

1. the arrangement maintains or improves thequality of the internal audit function and theinstitution’s internal control;

2. key employees of the institution and the out-sourcing vendor clearly understand the linesof communication and how any internal con-trol problems or other matters noted by theoutsourcing vendor are to be addressed;

3. the scope of the outsourced work is revisedappropriately when the institution’s environ-ment, structure, activities, risk exposures, orsystems change significantly;

4. the directors have ensured that the out-sourced internal audit activities are effec-tively managed by the institution;

5. the arrangement with the outsourcing vendorsatisfies the independence standards



described in this policy statement andthereby preserves the independence of theinternal audit function, whether or not thevendor is also the institution’s independentpublic accountant; and

6. the institution has performed sufficient duediligence to satisfy itself of the vendor’scompetence before entering into the out-sourcing arrangement and has adequate pro-cedures for ensuring that the vendor main-tains sufficient expertise to performeffectively throughout the arrangement.

2060.05.4.2 Inspection Concerns Aboutthe Adequacy of the Internal AuditFunction

If the examiner concludes that the institution’sinternal audit function, whether or not it is out-sourced, does not sufficiently meet the institu-tion’s internal audit needs; does not satisfy theInteragency Guidelines Establishing Standardsfor Safety and Soundness, if applicable; or isotherwise inadequate, he or she should deter-mine whether the scope of the inspection shouldbe adjusted. The examiner should also discusshis or her concerns with the internal audit man-ager or other person responsible for reviewingthe system of internal control. If these discus-sions do not resolve the examiner’s concerns, heor she should bring these matters to the attentionof senior management and the board of directorsor audit committee. Should the examiner findmaterial weaknesses in the internal audit func-tion or the internal control system, he or sheshould discuss them with appropriate agencystaff in order to determine the appropriateactions the agency should take to ensure that theinstitution corrects the deficiencies. Theseactions may include formal and informalenforcement actions.

The institution’s management and compositeratings should reflect the examiner’s conclu-sions regarding the institution’s internal auditfunction. The report of inspection should con-tain comments concerning the adequacy of thisfunction, significant issues or concerns, and rec-ommended corrective actions.

2060.05.4.3 Concerns About theIndependence of the Outsourcing Vendor

An examiner’s initial review of an internal auditoutsourcing arrangement, including the actionsof the outsourcing vendor, may raise questionsabout the institution’s and its vendor’s adher-ence to the independence standards described in

parts I and II of the policy statement, whether ornot the vendor is an accounting firm, and inpart III if the vendor provides both external andinternal audit services to the institution. In suchcases, the examiner first should ask the institu-tion and the outsourcing vendor how the auditcommittee determined that the vendor was inde-pendent. If the vendor is an accounting firm, theaudit committee should be asked to demonstratehow it assessed that the arrangement has notcompromised applicable SEC, PCAOB, AICPA,or other regulatory standards concerning auditorindependence. If the examiner’s concerns arenot adequately addressed, the examiner shoulddiscuss the matter with appropriate agency staffprior to taking any further action.

If the agency staff concurs that the indepen-dence of the external auditor or other vendorappears to be compromised, the examiner willdiscuss his or her findings and the actions theagency may take with the institution’s seniormanagement, board of directors (or audit com-mittee), and the external auditor or other vendor.In addition, the agency may refer the externalauditor to the state board of accountancy, theAICPA, the SEC, the PCAOB, or other authori-ties for possible violations of applicable inde-pendence standards. Moreover, the agency mayconclude that the institution’s external auditingprogram is inadequate and that it does not com-ply with auditing and reporting requirements,including sections 36 and 39 of the FDI Act andrelated guidance and regulations, if applicable.


1. To determine with reasonable assurancewhether the institution23 has an adequatesystem of internal controls that ensures effi-cient and effective operations, including thesafeguarding of assets, reliable financialreporting, and compliance with applicablelaws and regulations.

2. To determine if the internal audit functionand the internal audit outsourcing arrange-ments of the banking organizations areadequately and competently managed bythe board of directors and senior manage-ment.

23. The term ‘‘institution’’ is used to maintain consistency

with the interagency policy statement, but these inspection

objectives and procedures apply to financial holding compa-

nies, bank holding companies, and their bank and nonbank

subsidiaries.



3. To ascertain that the banking organization’sinternal audit function monitors, reviews,and ensures the continued existence andmaintenance of sound and adequate internalcontrols over the management process: thecontrol environment, risk assessment, con-trol activities, information and communica-tion, and monitoring activities.

4. To make an overall determination as towhether an institution’s internal audit func-tion and its processes are effective or inef-fective based on the 2003 interagency pol-icy statement and the FR supplementalpolicy guidance.

5. To determine whether the internal auditfunction reports vital information aboutweaknesses in the system of internal controlto the board of directors (or its audit com-mittee) and senior management and thatexpeditious remedial action is taken toresolve the internal control weaknesses aswell as any other exceptions.

6. To determine if

a. the audit committee has established andmaintains procedures for employees ofthe institution to confidentially andanonymously submit concerns to thecommittee about questionable account-ing, internal control, or auditing matters;and

b. the audit committee has procedures forthe timely investigation of complaintsreceived and the retention, for a reason-able time period, of documentation con-cerning the complaint and its subsequentresolution.

7. To determine the adequacy of the internalaudit function (including its use of out-sourced internal audit vendors) as to organi-zational structure, prudent management,staff having sufficient expertise, audit qual-ity, and the ability of auditors to directlyand freely communicate internal audit find-ings to the board of directors, its audit com-mittee, and senior management.

8. To review and evaluate internal audit out-sourcing arrangements and the actions ofthe outsourcing vendor, under standardsestablished in the 2003 ‘‘Interagency PolicyStatement on the Internal Audit Functionand Its Outsourcing’’ and the 2013 FederalReserve’s ‘‘Supplemental Policy Statementon the Internal Audit Function and its Out-sourcing.’’

9. To determine whether the internal auditfunction and its processes can be reliedupon for the current supervisory reviewperiod.

10. For high risk areas, to make a determinationas to whether additional inspection work isneeded even when the internal audit may bedeemed effective and its work reliable.


Examiners should obtain assurances from theaudit committee and senior management thatthey will have full and timely access to aninstitution’s internal audit resources, includingpersonnel, work papers, risk assessments, workplans, programs, reports, and budgets. Examin-ers should consider widening the scope of theirinspection work when such assurances are notprovided or if there are any significant delays ingaining access to the internal audit resources.Such a delay may subject the institution tofollow-up supervisory action.

This inspection program should include areview of audit function and audit outsourcing,which would include a review of the holdingcompany’s internal and external audits and theaudit procedures they encompass. The auditguidelines are general and all sections or ques-tions may not be applicable to every entitywithin the consolidated organization.

Before reviewing any specific audit proce-dures, the examiner should first determine theindependence and competence of the auditors. Ifthe examiner believes the auditors to be bothcompetent and independent, he or she shouldthen determine the effectiveness and adequacyof their work, and whether the auditors made anassessment as to whether the institution’s inter-nal audit function incorporated the enhancedpractices outlined in the FR’s ‘‘SupplementalPolicy Statement on Internal Audit Functionand its Outsourcing’’ (Supplemental Guidance).

Based on a review of the audit function andon the auditor’s work, the examiner must thendetermine the scope of the inspection. The pro-gram and related supporting documentationshould be completed in an organized mannerand should be retained as part of the inspectionwork papers.

Upon completion of the review of the internalaudit program, the examiner should be able toformulate a conclusion on the effectiveness ofaudit processes and coverage. Conclusionsabout any weaknesses in the internal or externalaudit work performed for the FR supervisedbank or savings and loan holding company



should be summarized and included in theinspection report. Matters Requiring ImmediateAttention (MRIA) or Matters Requiring Atten-tion (MRA) to be included in the inspectionreport should be discussed with the audit com-mittee and board of directors, the Chief AuditExecutive, (CAE) and senior bank management.

2060.05.6.1 Internal Audit Function

The following inspection procedures shouldencompass a review of the structure of the inter-nal audit organization and function:

1. Organizational structure of the auditdepartment. Review the internal audit’scharter and its organization chart for directand indirect reporting lines of the CAE, andthe minutes of the board’s audit or examin-ing committee to determine how effectivelythe CAE and board of directors are dis-charging their responsibility. If the CAEreports to someone other than the chiefexecutive officer (CEO), determine if theaudit committee has documented its ratio-nale for the reporting structure, includingany mitigating controls for situations thatcould adversely impact the objectivity ofthe CAE. Determine if the audit committeehas quarterly, but at least annually, evalu-ated whether (1) the CAE is impartial andnot unduly influenced by the administrativereporting line and (2) any conflicts of inter-est for the CAE and other audit staff areaccompanied by appropriate restrictions tomitigate those conflicts.

2. Independence of the audit function. Inter-view the CAE and observe the operation ofthe audit department to determine its func-tional responsibilities.

3. CAE’s qualifications. Review biographicaldata and interview the CAE to determinehis or her ability to manage the institution’sinternal audit function and his or herresponsibility within the institution (i.e.,bank holding or savings and loan holdingcompany).

4. Audit staff qualifications. Review the bio-graphical data and interview the manage-ment staff of the audit department to deter-mine their qualifications commensuratewith their delegated responsibilities com-pared to the institution’s strategy and opera-tions. Review the educational background,professional certifications and relevantbanking and audit experience of staff toassess overall staff qualifications and to

identify any knowledge gaps.

5. Skills gap assessments. Review how oftenthey are performed, and how gaps in cover-age are addressed (e.g. targeted staff hires;training; businessline rotation programs,and co-sourcing/ outsourcing arrange-ments).

6. Training. Ensure there is a process in placeto determine and monitor the annual train-ing, typically 40 hours minimum, for eachstaff member based on their needs.

7. Content and use of the audit frequency andscope schedule. Review the methodologyutilized to determine the audit universe andfrequency of coverage per auditable entity.

8. Audit department participation in systemsdesign projects. Determine through inter-views and documentation reviews, internalaudit’s role in assessing systems changecontrol processes.

9. Internal audit charter. Review the internalaudit charter to determine its currentadequacy. Determine whether the CAEperiodically reviews the current adequacyof the charter and makes recommendationsto the audit committee for improving inter-nal audit function and whether outsourcingto external experts may be needed.

10. Audit manual. Review the audit manual toensure that it includes all applicable auditprocesses, practices, and procedures, andapplicable references to Institute of InternalAuditor (IIA) standards.

11. Maintenance of audit records. Review asample of the audit reports and associatedwork papers to determine compliance withprescribed procedures and proper documen-tation, including appropriate distribution tosenior managers.

12. Audit department’s formal reporting proce-dures. Review CAE presentations and MISreporting to the audit or examining commit-tee to ensure the committee is providingeffective oversight of the internal auditfunction.

13. Issue Tracking Follow-up Processes.Review processes utilized to validate clo-sure of internal audit findings. Review asample of closed issues to ensure that inter-nal audit maintains sufficient documenta-tion to validate issue closure.

14. Use and effectiveness of audit computerprograms. Interview the CAE and/or theappropriate staff members regarding the useof the computer and access to the files for



audit purposes. Obtain a walkthrough ofautomated auditing systems and methodolo-gies.

2060.05.6.2 Other Internal AuditFunction Inspection Procedures

1. Broaden the scope of the inspection if theinstitution’s internal audit function, whetheror not it is outsourced, does not sufficientlymeet its internal audit needs, does not sat-isfy the Interagency Guidelines Establish-ing Standards for Safety and Soundness, oris otherwise inadequate.

2. Discuss supervisory concerns and outstand-ing internal-external audit report commentswith the CAE or other person responsiblefor reviewing the system of internal control.If these discussions do not resolve theexaminer’s comments and concerns, bringthese matters to the attention of senior man-agement and the board of directors or auditcommittee.

3. If material weaknesses in the internal auditfunction or the internal control system exist,discuss them with appropriate FederalReserve Bank supervisory staff to deter-mine the appropriate actions that should betaken to ensure that the institution correctsthe deficiencies (including formal and infor-mal enforcement actions).

4. Incorporate conclusions about the institu-tion’s internal audit function into its man-agement and composite supervisory ratings.

5. Include in the inspection report commentsconcerning the adequacy of the internalaudit function, significant issues or con-cerns, and recommended corrective actions.

2065.05.6.3 Additional Aspects of theExaminer’s Review of an OutsourcingArrangement

1. Review the internal audit outsourcingarrangement and determine if the institutionhas a written contract or an engagementletter with the vendor.

2. Determine whether the written contract orengagement letter includes provisionsthat—a. define the expectations and responsibili-

ties under the contract for both parties;b. set the scope and frequency of, and the

fees to be paid for, the work to be per-formed by the vendor;

c. set the responsibilities for providing andreceiving information, such as the typeand frequency of reporting to seniormanagement and directors about the sta-tus of contract work;

d. establish the process for changing theterms of the service contract, especiallyfor expansion of audit work if significantissues are found, and establish stipula-tions for default and termination of thecontract;

e. state that internal audit reports are theproperty of the institution, that the insti-tution will be provided with any copiesof the related work papers it deems nec-essary, and that employees authorized bythe institution will have reasonable andtimely access to the work papers pre-pared by the outsourcing vendor;

f. specify the locations of internal auditreports and the related work papers;

g. specify the period of time (for example,seven years) that vendors must maintainthe work papers;24

h. state that outsourced internal audit ser-vices provided by the vendor are subjectto regulatory review and that examinerswill be granted full and timely access tothe internal audit reports and relatedwork papers prepared by the outsourcingvendor;

i. prescribe a process (arbitration, media-tion, or other means) for resolving dis-putes and for determining who bears thecost of consequential damages arisingfrom errors, omissions, and negligence;and

j. state that the outsourcing vendor will notperform management functions, makemanagement decisions, or act or appearto act in a capacity equivalent to that of amember of management or an employeeand, if applicable, will comply withAICPA, SEC, PCAOB, or regulatoryindependence guidance.

3. Determine whether—a. the outsourcing arrangement maintains

or improves the quality of the internalaudit function and the institution’s inter-nal control;

b. key employees of the institution and the

24. If the work papers are in electronic format, contracts

often call for the vendor to maintain proprietary software that

enables the banking organization and examiners to access the

electronic work papers for a specified time period.



outsourcing vendor clearly understandthe lines of communication and how anyinternal control problems or other mat-ters noted by the outsourcing vendor areto be addressed;

c. the scope of work is revised appropri-ately when the institution’s environment,structure, activities, risk exposures, orsystems change significantly;

d. the directors have ensured that the out-sourced internal audit function is effec-tively managed by the institution;

e. the arrangement with the outsourcingvendor satisfies the independence stan-dards described in the Policy Statementon the Internal Audit Function and ItsOutsourcing and thereby preserves theindependence of the internal audit func-tion, whether or not the vendor is alsothe institution’s independent publicaccountant;

f. the institution has performed sufficientdue diligence to satisfy itself of the ven-dor’s competence before entering intothe outsourcing arrangement andwhether there are adequate proceduresfor ensuring that the vendor maintainssufficient expertise to perform effectivelythroughout the arrangement; and

g. the institution has a contingency plan toensure continuity in audit coverage,especially for high-risk areas.

4. Adjust the scope of the inspection if theoutsourcing arrangement has diminished thequality of the institution’s internal audit. Ifthe quality of the internal audit is dimin-ished, inform senior management and theboard of directors and consider it in theinstitution’s management and compositeratings.

2060.05.6.4 Assessment of AuditorIndependence

1. The initial review of an internal audit out-sourcing arrangement, including the actionsof the outsourcing vendor, may raise ques-tions about the institution’s and its vendor’sadherence to the independence standardsdiscussed in parts I, II, and III of the ‘‘Inter-agency Policy Statement on the InternalAudit Function and Its Outsourcing’’ (2003Policy Statement) and the Federal Reserv-e’s 2013 Supplemental Guidance. If thevendor provides both external and internalaudit services to the institution—a. question the bank or savings and loan

holding company’s CAE and audit com-mittee how they determined that the ven-dor was independent; and

b. if the vendor is an accounting firm, askthe CAE or audit committee how theyassessed that the arrangement had notcompromised applicable SEC, PCAOB,AICPA, or other regulatory standardsconcerning auditor independence.

2. If the answers to the above raise supervi-sory concern, or are not adequatelyaddressed, discuss the matter with appropri-ate Reserve Bank management and supervi-sory staff.

3. If the Reserve Bank management and super-visory staff concurs that the independenceof the external auditor or other vendorappears to be compromised, discuss theinspection findings and what appropriatesupervisory actions the Federal Reservemay take with the bank holding or savingsand loan holding company’s senior manage-ment, board of directors (or audit commit-tee), and the external auditor or other ven-dor.

2060.05.6.5 Supplemental Procedures toEvaluate the Effectiveness of the InternalAudit Function

1. Determine whether the internal audit func-tion and its processes are effective or inef-fective and whether internal audit’s workcan be potentially relied upon as part of thesupervisory review process. An institution’sinternal audit function generally would beconsidered effective if the institution’sinternal audit function structure and prac-tices are consistent with the 2003 inter-agency policy statement and the FederalReserve’s 2013 supplemental guidance(supplemental guidance).

2. To determine if the institution has incorpo-rated the Federal Reserve’s SupplementalGuidance, evaluate whether the factors andrequirements underpinning the followingcharacteristics and processes are in place:Attributes

• Independence• Competent internal audit staff• Objectivity and ethics

Governance• Role of board of directors• Role of audit committee



• Role of Chief Audit Executive (CAE)Audit Processes

• Audit methodology—Review the inter-nal audit’s risk-assessment methodol-ogy that drives its risk-assessment pro-cess and determine if it represents theaudit universe. Determine if the meth-odology included a documented analy-sis of cross-institutional risk and the-matic control issues and the processesand procedures for evaluating theeffectiveness of risk-management, con-trol, and governance processes. Evalu-ate internal audit’s plan for continuousmonitoring and in determining andevaluating risk. Assess internal audit’sprocess for incorporating other riskidentification techniques (i.e., risk andcontrol self-assessment) that the insti-tution’s management utilizes.

• Audit universe—Determine if internalaudit has effective processes to identifyall auditable entities within the audituniverse. Review the documentation ofthe audit universe and verify whether ithas been reviewed periodically (e.g.,during the annual audit planning pro-cess) and when significant organiza-tional changes have occurred.

• Risk assessment—Review internalaudit’s documentation of its under-standing of the institution’s significantbusiness activities and their associatedrisks. Verify that internal auditincludes, at least annually, a review ofcritical risk-management functions aswell as changes in the system of inter-nal controls, infrastructure, work pro-cesses, new or changed business lines,or laws and regulations. Review thedisposition of the results of the overallrisk assessment summary and deter-mine if internal audit gave consider-ation to key performance or risk indica-tors and the most significant risksfacing the institution, including howthe risks are addressed within the inter-nal audit plan.

• Audit plan—Verify that internal auditdevelops and periodically revises itscomprehensive audit plan. Determineif it verifies that the plan includes auditcoverage for all identified, auditableentities within the audit universe appro-priate for the size and complexity of

the institution’s activities.• Continuous monitoring— Supplement

inspection procedures with continuousmonitoring and an assessment of keyelements of internal audit, including:

— the adequacy and independenceof the audit committee;

— the independence, professionalcompetence, and quality of theinternal audit function;

— the quality and scope of the auditmethodology, audit plan, and riskassessment; and

— the adequacy of audit programsand work paper standards.

1) Review these key elements at leastannually to determine whether therehave been significant changes in theinternal audit infrastructure orwhether there are potential concernsregarding their adequacy.

2) Make a determination on whetherthe work of internal audit can berelied upon when internal audit’soverall function and related pro-cesses are effective and when recentwork was performed by internalaudit in an area where examinersare performing inspection proce-dures.

3) Evaluate and determine whetheradditional inspection work isneeded in high risk areas evenwhere internal audit has beendeemed effective and its work reli-able.

Audit Performance and Monitoring• Scope—Adjust the scope of the inspec-

tion if the bank holding or savings andloan holding company’s internal auditfunction does not sufficiently meet theinstitution’s internal audit needs(whether or not the audit function isoutsourced), or is otherwise ineffec-tive.

• Work papers—Determine whether theinternal audit work papers adequatelydocument the work program, the workperformed and work paper standards,including documentation of any obser-vations and analysis made, the conclu-sions, and audit results.

• Audit reports:1) Ascertain whether internal audit has

effective audit reporting processesthat communicate audit reportissues throughout the institution



and they are addressed in a timelymanner.

2) Review the inspection period’saudit reports and verify that theycontain an executive summarydescribing the auditable area, itsconclusions, rationale, key issues,and management’s documentedaction plans to address audit find-ings.

• Audit issues tracking1) Verify that internal audit has effec-

tive processes in place to track,monitor, and follow up on openaudit issues.

2) Determine if the institution con-ducts independent quality assurancereviews of internal audit work per-formed.

3) Verify that the CAE implementsappropriate improvements in inter-nal audit processes or staff trainingthrough the quality assurance andimprovement programs.

4) Determine whether the institutionconducts an internal quality assess-ment at least annually and if theCAE reports the results and statusof internal assessments to seniormanagement and the audit commit-tee at least annually.

5) Discuss supervisory concerns andoutstanding internal-external auditreport comments with the CAE orother person responsible for review-ing the system of internal control. Ifthese discussions do not resolve theexaminer’s comments and concerns,bring these matters to the attentionof senior management and the boardof directors or the audit committee.

• Retrospective review processes.1) Determine if management has con-

ducted a post-mortem and ‘‘lessonslearned’’ analysis when adverseevents (fraud or a significant loss)have occurred.

2) Find out if internal audit functionverified that a review took place andthat appropriate action was taken toremediate identified issues.

3) Ascertain if internal audit functionevaluated management’s analysis ofthe reasons for the event and if theadverse event was the result of acontrol break down or failure, andwhether management identifiedmeasures to be put in place to pre-

vent a similar event from occurringin the future.

Quality Assurance— Internal Quality Assurance. Ensure

that the internal audit function pro-cess is documented in the auditmanual. Review samples of work,overall results and status of anyaction plans.

— External Quality Assurance. Deter-mine whether an independent assess-ment had been performed within thefive-year requirement. Review resultsand action plan status to remediateissues.1) Assess the quality and scope of

the internal audit work, regardlessof whether it is performed by theinstitution’s employees or by anoutsourcing vendor. Considerwhether—a. the internal audit function’s

risk assessment, plans, and pro-grams are appropriate for theinstitution’s activities;

b. the internal audit function isadequately managed to ensurethat audit plans are accom-plished, programs are carriedout, and results of audits arepromptly communicated to themanagers and directors;

c. the internal audit plan and pro-gram have been adjusted forsignificant changes in the insti-tution’s environment, structure,activities, risk exposures, orsystems;

d. the activities of internal auditare consistent with the long-range goals of the institutionand are responsive to its inter-nal control needs; and

e. the audit function provideshigh-quality advice and coun-sel to management and theboard of directors on currentdevelopments in risk manage-ment, internal control, andregulatory compliance.

3. If there are deficiencies in any internal auditcharacteristics, use your judgment to:

• evaluate the significance of the deficien-cies and their relevance to the institu-tion’s safety and soundness or compli-



ance with laws and regulations, and

• determine whether these deficiencieswould preclude overall audit processesfrom being deemed effective.

While the internal audit function’s overallprocesses could be deemed effective, someelements of the internal audit function mayrequire enhancements or improvements,such as documentation with respect to spe-cific audit processes (for example, riskassessments or work papers).

4. If examiners find the key elements of theinternal audit function to be insufficient, theoverall effectiveness of the internal auditfunction should come into question. Suchfindings may be include:

• Lack of an appropriate risk-assessmentprocess

• Lack of sufficient and competentresources

• Lack of audit coverage in key areas

• Inappropriate classification of audit find-ings

• Insufficient root cause analyses

• Numerous work paper deficiencies

• A large number of unresolved control-related issues

5. Internal audit processes may be consideredineffective if there are significant, unre-solved supervisory matters requiring imme-diate attention (MRIAs) and/or mattersrequiring attention (MRAs) pertaining tointernal audit, or if other supervisory con-cerns exist relating to the effectiveness ofthe internal audit function.

2060.05.6.6 Continuous Monitoringbetween Inspections of Internal Audit

1. Supplement the inspection proceduresthrough continuous monitoring. Include anassessment of key elements of internal auditduring the period following the institution’smost recent inspection. The assessment ofkey elements of internal audit shouldinclude:

• The adequacy and independence of theaudit committee;

• The independence, professional compe-tence, and quality of the internal auditfunction;

• The quality and scope of the audit meth-

odology, audit plan, and risk assessment;and

• The adequacy of audit programs andwork paper standards.

2. Review, at least annually, the above keyelements and determine whether there havebeen significant changes to the internalaudit infrastructure or whether there arepotential concerns regarding their adequacy.

2060.05.6.7 Evaluating the Ability toRely on Internal Audit

1. Consider relying on internal audit at asupervised institution based on whether:

a. an internal audit was deemed effective atthe most recent supervisory inspection ofinternal audit;

b. internal audit’s overall function andrelated processes are considered effec-tive and when recent work was per-formed by internal audit in a area whereexaminers are performing inspectionprocedures and the examiners can evalu-ation whether they may rely on the workof internal audit;

c. an evaluation was performed of the sig-nificance and degree of risk of particularactivities, business lines or other areas orbusiness and if a determination wasmade as to the existence of appropriateinternal controls over such risks; and

d. the extent of continuous monitoringactivities that did not identify any sig-nificant deficiencies or discover anyadverse changes in audit processes or thequality of internal audit’s work.

2. Leverage off an internal audit function’sassessment of how emerging risks and high-risk areas are mitigated within the institu-tion, including whether appropriate internalcontrols are in place over such risks;

3. For emerging risks and high-risk areas,determine if additional inspection work isneeded, even when internal audit has beendeemed effective and its work consideredreliable.

4. Document the results of the supervisoryreview, supporting the basis for a conclu-sion as to whether the examiners can relyupon internal audit and whether there areany specific auditable areas (that is, func-tion or business line) or elements of internalaudit (e.g. open audit issues) on which theexaminers cannot rely.



2060.05.6.8 Considerations forConsolidated Supervision

1. Tailor the nature and scope of the FederalReserve’s supervisory and inspection workto the organization’s legal entity and regula-tory structure and also the risks associatedwith the organization’s activities. Promoteeffective consolidated supervision by foster-ing strong, cooperative relationships amongthe Federal Reserve, relevant domestic andforeign supervisors, and functional regula-tors. Achieve this objective while limitingthe potential for duplication of effort orundue burden on the institution underreview.

2. Focus on the scope and depth of the othersupervisor’s or regulator’s internal auditreview. Determine the Federal Reserve’sability to rely on the work of the relevantsupervisor or functional regulator:• Rely to the fullest extent possible on

assessments and information developedby other relevant domestic and foreignsupervisors and functional regulators;

• Focus Federal Reserve supervisory atten-tion on material risks from activities thatare not supervised by another supervisor

or regulator, or that cut across legal enti-ties; and

• Participate in the exchange of informa-tion among domestic and foreign super-visors and functional regulators, consis-tent with applicable laws andinformation-sharing arrangements, pro-viding for the comprehensive, consoli-dated supervision of each banking orga-nization’s global activities.

3. The Federal Reserve’s conduct of consoli-dated supervision is central to and depen-dent on the coordination with, and relianceon, the work of other relevant primarysupervisors and functional regulators. TheFederal Reserve’s direction for achievingthese objectives is closely integrated intothe supervisory framework for consolidatedbank holding companies and the combinedU.S. operations of foreign banking organi-zations.

4. When the Federal Reserve is not the pri-mary supervisor or functional regulator ofall entities consolidated under the holdingcompany, the Federal Reserve will evaluatewhether, and the degree to which, the majorsubsidiaries of the holding company imple-mented the supplemental guidance.



Supplemental Policy Statement on the Internal Audit Functionand Its Outsourcing Section 2060.07

The Federal Reserve issued this January 23,2013, policy statement to supplement the guid-ance in the 2003 ‘‘Interagency Policy Statementon the Internal Audit Function and Its Outsourc-ing’’ (referred to as the 2003 Policy Statement).1Federal Reserve staff has identified areas forimproving regulated institutions’ internal auditfunctions. This supplemental policy statementaddresses the characteristics, governance, andoperational effectiveness of an institution’sinternal audit function. Further, this statementreflects certain changes in banking regulationsthat have occurred since the issuance of the2003 Policy Statement. The Federal Reserve isproviding this supplemental guidance toenhance regulated institutions’ internal auditpractices and to encourage them to adopt profes-sional audit standards and other authoritativeguidance, including those issued by the Instituteof Internal Auditors (IIA).2

This supplemental statement applies to super-vised institutions with greater than $10 billionin total consolidated assets, including statemember banks, domestic bank and savings andloan holding companies, and U.S. operations offoreign banking organizations.3 This supple-mental guidance is also consistent with theobjectives of the Federal Reserve’s consolidatedsupervision framework for large financial insti-tutions with total consolidated assets of $50 bil-lion or more, which promotes an independentinternal audit function as an essential elementfor enhancing the resiliency of supervisedinstitutions.4

Assessment of the effectiveness of the internalaudit function. The degree to which an institu-tion implements the internal audit practices out-lined in this policy statement will be consideredin the Federal Reserve’s supervisory assessmentof the effectiveness of an institution’s internalaudit function as well as its safety and sound-ness and compliance with consumer laws and

regulations. Moreover, the overall effectivenessof an institution’s internal audit function willinfluence the ability of the Federal Reserve torely upon the work of an institution’s internalaudit function.

This supplemental policy statement buildsupon the 2003 Policy Statement, which remainsin effect, and follows the same organizationalstructure, with a new section entitled ‘‘EnhancedInternal Audit Practices’’ and updates to PartsI-IV of the 2003 Policy Statement. Refer toSR-13-1/CA13-1 and its attachment. To avoidhistorical references and duplication some intro-ductory paragraphs and other small phrases areomitted from the policy statement here, as indi-cated by a line of asterisks.

* * * * * *

2060.07.1 SUPPLEMENTAL POLICYGUIDANCE

2060.07.1.1 Enhanced Internal AuditPractices

An institution’s internal audit function shouldincorporate the following enhanced practicesinto their overall processes:

2060.07.1.1.1 Risk Analysis

Internal audit should analyze the effectivenessof all critical risk-management functions bothwith respect to individual risk dimensions (forexample, credit risk), and an institution’s overallrisk-management function. The analysis shouldfocus on the nature and extent of monitoringcompliance with established policies and pro-cesses and applicable laws and regulationswithin the institution as well as whether moni-toring processes are appropriate for the institu-tion’s business activities and the associatedrisks.

2060.07.1.1.2 Thematic Control Issues

Internal audit should identify thematic macrocontrol issues as part of its risk-assessment pro-

1. Refer to SR-03-5, ‘‘Amended Interagency Guidance onthe Internal Audit Function and Its Outsourcing.’’

2. In this guidance, references have been provided to theIIA’s International Standards for the Professional Practice ofInternal Auditing (Standards). Refer to the IIA website athttps://na.theiia.org/standards-guidance/pages/standards-and-guidance-ippf.aspx.

3. Section 4 of this document, however, clarifies certainchanges to the Federal Deposit Insurance Corporation regula-tion (12 CFR part 363) on independence standards for inde-pendent public accountants at insured depository institutionswith total assets of $500 million or more, which were adoptedpursuant to 2009 amendments to section 36 of the FDI Act.

4. Refer to SR-12-17/CA letter 12-14, ‘‘ConsolidatedSupervision Framework for Large Financial Institutions.’’


cesses and determine the overall impact of suchissues on the institution’s risk profile. Addi-tional audit coverage would be expected in busi-ness activities that present the highest risk to theinstitution. Internal audit coverage should reflectthe identification of thematic macro controlissues across the firm in all auditable areas.Internal audit should communicate thematicmacro control issues to senior management andthe audit committee.

In addition, internal audit should identify pat-terns of thematic macro control issues, deter-mine whether additional audit coverage isrequired, communicate such control deficienciesto senior management and the audit committee,and ensure management establishes effectiveremediation mechanisms.

2060.07.1.1.3 Challenging Managementand Policy

Internal audit should challenge management toadopt appropriate policies and procedures andeffective controls. If policies, procedures, andinternal controls are ineffective or insufficient ina particular line of business or activity, internalaudit should report specific deficiencies tosenior management and the audit committeewith recommended remediation. Such recom-mendations may include restricting businessactivity in affected lines of business until effec-tive policies, procedures, and controls aredesigned and implemented. Internal audit shouldmonitor management’s corrective action andconduct a follow-up review to confirm that therecommendations of both internal audit and theaudit committee have been addressed.

2060.07.1.1.4 Infrastructure

When an institution designs and implementsinfrastructure enhancements, internal auditshould review significant changes and notifymanagement of potential internal control issues.In particular, internal audit should ensure thatexisting, effective internal controls (for exam-ple, software applications and managementinformation system reporting) are not renderedineffective as a result of infrastructure changesunless those controls are compensated for byother improvements to internal controls.

2060.07.1.1.5 Risk Tolerance

Internal audit should understand risks faced bythe institution and confirm that the board ofdirectors and senior management are activelyinvolved in setting and monitoring compliancewith the institution’s risk tolerance limits. Inter-nal audit should evaluate the reasonableness ofestablished limits and perform sufficient testingto ensure that management is operating withinthese limits and other restrictions.

2060.07.1.1.6 Governance and StrategicObjectives

Internal audit should evaluate governance at allmanagement levels within the institution,including at the senior management level, andwithin all significant business lines. Internalaudit should also evaluate the adequacy andeffectiveness of controls to respond to riskswithin the organization’s governance, opera-tions, and information systems in achieving theorganization’s strategic objectives. Any con-cerns should be communicated by internal auditto the board of directors and seniormanagement.

2060.07.1.2 Internal Audit Function (PartI of the 2003 Policy Statement)

The primary objectives of the internal auditfunction are to examine, evaluate, and performan independent assessment of the institution’sinternal control system, and report findings backto senior management and the institution’s auditcommittee. An effective internal audit functionwithin a financial institution is a vital means foran institution’s board of directors to maintainthe quality of the internal control environmentand risk-management systems.

The guidance set forth in this section supple-ments the existing guidance in the 2003 PolicyStatement by strongly encouraging internalauditors to adhere to professional standards,such as the IIA guidance. Furthermore, this sec-tion clarifies certain aspects of the IIA guidanceand provides practices intended to increase thesafety and soundness of institutions.

2060.07.1.2.1 Attributes of Internal Audit

Independence. Internal audit is an independentfunction that supports the organization’s busi-ness objectives and evaluates the effectiveness

Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing 2060.07


of risk management, control, and governanceprocesses. The 2003 Policy Statement addressedthe structure of an internal audit function, not-ing that it should be positioned so that an institu-tion’s board of directors has confidence that theinternal audit function can be impartial and notunduly influenced by managers of day-to-dayoperations. Thus, the member of managementresponsible for the internal audit function (here-after referred to as the chief audit executive orCAE)5 should have no responsibility for operat-ing the system of internal control and shouldreport functionally to the audit committee. Areporting arrangement may be used in which theCAE is functionally accountable and reportsdirectly to the audit committee on internal auditmatters (that is, the audit plan, audit findings,and the CAE’s job performance and compensa-tion) and reports administratively to anothersenior member of management who is notresponsible for operational activities reviewedby internal audit. When there is an administra-tive reporting of the CAE to another member ofsenior management, the objectivity of internalaudit is served best when the CAE reportsadministratively to the chief executive officer(CEO).

If the CAE reports administratively to some-one other than the CEO, the audit committeeshould document its rationale for this reportingstructure, including mitigating controls avail-able for situations that could adversely impactthe objectivity of the CAE. In such instances,the audit committee should periodically (at leastannually) evaluate whether the CAE is impartialand not unduly influenced by the administrativereporting line arrangement. Further, conflicts ofinterest for the CAE and all other audit staffshould be monitored at least annually withappropriate restrictions placed on auditing areaswhere conflicts may occur.

For foreign banking organizations (FBOs),the internal audit function for the U.S. opera-tions of an FBO should have appropriate inde-pendent oversight for the total assets of U.S.operations.6 When there is a resident U.S. auditfunction, the CAE of the U.S. audit functionshould report directly to senior officials of theinternal audit department at the head office suchas the global CAE. If the FBO has separate U.S.subsidiaries, oversight may be provided by a

U.S. based audit committee that meets U.S. pub-lic company standards for independence or bythe foreign parent company’s internal auditfunction.

Professional competence and staffing. Internalaudit staff should have the requisite collectiveskill levels to audit all areas of the institution.Therefore, auditors should have a wide range ofbusiness knowledge, demonstrated throughyears of audit and industry-specific experience,educational background, professional certifica-tions, training programs, committee participa-tion, professional associations, and job rota-tional assignments. Internal audit should assignstaff to audit assignments based on areas ofexpertise and, when feasible, rotate staff withinthe audit function.

Internal audit management should performknowledge-gap assessments at least annually toevaluate whether current staff members have theknowledge and skills commensurate with theinstitution’s strategy and operations. Manage-ment feedback surveys and internal or externalquality assurance findings are useful tools toidentify and assess knowledge gaps. Any identi-fied knowledge gaps should be filled and maybe addressed through targeted staff hires, train-ing, business line rotation programs, and out-sourcing arrangements. The internal audit func-tion should have an effective staff trainingprogram to advance professional developmentand should have a process to evaluate and moni-tor the quality and appropriateness of trainingprovided to each auditor. Internal auditors gen-erally receive a minimum of forty hours oftraining in a given year.

Objectivity and ethics. Internal auditors shouldbe objective, which means performing assign-ments free from bias and interference. A majorcharacteristic of objectivity is that the CAE andall internal audit professional staff avoid anyconflicts of interest.7 For their first year in theinternal audit function, internally recruitedinternal auditors should not audit activities forwhich they were previously responsible. More-over, compensation schemes should not provideincentives for internal auditors to act contrary tothe attributes and objectives of the internal audit

5. More recently, this title is used to refer to the person incharge of the internal audit function. An institution may nothave a person at the management level of CAE and insteadmay have an internal audit manager.

6. This is defined as the combined total assets of U.S.operations, net of all intercompany assets and claims onU.S.-domiciled affiliates.

7. IIA standards define conflict of interest as a situation inwhich an internal auditor, who is in a position of trust, has acompeting professional or personal interest. Such competinginterests can make it difficult for the individual to fulfill his orher duties impartially.



function.8 While an internal auditor may recom-mend internal control standards or review man-agement’s procedures before implementation,objectivity requires that the internal auditor notbe responsible for the design, installation, proce-dures development, or operations of the institu-tion’s internal control systems.

An institution’s internal audit function shouldhave a code of ethics that emphasizes the prin-ciples of objectivity, competence, confidential-ity, and integrity, consistent with professionalinternal audit guidance such as the code ofethics established by the IIA.

Internal audit charter. Each institution shouldhave an internal audit charter that describes thepurpose, authority, and responsibility of theinternal audit function. An audit charter shouldinclude the following critical components:

• The objectives and scope of the internal auditfunction;

• The internal audit function’s managementreporting position within the organization, aswell as its authority and responsibilities;

• The responsibility and accountability of theCAE; and

• The internal audit function’s responsibility toevaluate the effectiveness of the institution’srisk management, internal controls, and gov-ernance processes.

The charter should be approved by the auditcommittee of the institution’s board of directors.The charter should provide the internal auditfunction with the authorization to access theinstitution’s records, personnel, and physicalproperties relevant to the performance of inter-nal audit procedures, including the authority toexamine any activities or entities. Periodically,the CAE should evaluate whether the chartercontinues to be adequate, requesting theapproval of the audit committee for any revi-sions. The charter should define the criteria forwhen and how the internal audit function mayoutsource some of its work to external experts.

2060.07.1.2.2 Corporate GovernanceConsiderations

Board of directors and senior managementresponsibilities. The board of directors andsenior management are responsible for ensuringthat the institution has an effective system ofinternal controls. As indicated in the 2003 Pol-icy Statement, this responsibility cannot be del-egated to others within the institution or toexternal parties. Further, the board of directorsand senior management are responsible forensuring that internal controls are operatingeffectively.

Audit committee responsibilities. An institu-tion’s audit committee is responsible for estab-lishing an appropriate internal audit functionand ensuring that it operates adequately andeffectively. The audit committee should be con-fident that the internal audit function addressesthe risks and meets the demands posed by theinstitution’s current and planned activities.Moreover, the audit committee is expected toretain oversight responsibility for any aspects ofthe internal audit function that are outsourced toa third party.

The audit committee should provideoversight to the internal audit function. Auditcommittee meetings should be on a frequencythat facilitates this oversight and generallyshould be held four times a year at a minimum,with additional meetings held by audit commit-tees of larger financial institutions. Annually,the audit committee should review and approveinternal audit’s charter, budget and staffinglevels, and the audit plan and overall risk-assessment methodology. The committeeapproves the CAE’s hiring, annual performanceevaluation, and compensation.

The audit committee and its chairpersonshould have ongoing interaction with the CAEseparate from formally scheduled meetings toremain current on any internal audit department,organizational, or industry concerns. In addi-tion, the audit committee should have executivesessions with the CAE without members ofsenior management present as needed.

The audit committee should receive appropri-ate levels of management information to fulfillits oversight responsibilities. At a minimum, theaudit committee should receive the followingdata with respect to internal audit:

• Audit results with a focus on areas rated lessthan satisfactory;

• Audit plan completion status and compliancewith report issuance timeframes;

8. IIA standards have additional examples of ‘‘conflict ofinterest’’ for consideration.



• Audit plan changes, including the rationalefor significant changes;

• Audit issue information, including aging,past-due status, root-cause analysis, and the-matic trends;

• Information on higher-risk issues indicatingthe potential impact, root cause, and remedia-tion status;

• Results of internal and external quality assur-ance reviews;

• Information on significant industry and insti-tution trends in risks and controls;

• Reporting of significant changes in audit staff-ing levels;

• Significant changes in internal audit pro-cesses, including a periodic review of keyinternal audit policies and procedures;

• Budgeted audit hours versus actual audithours;

• Information on major projects; and• Opinion on the adequacy of risk-management

processes, including effectiveness of manage-ment’s self-assessment and remediation ofidentified issues (at least annually).

Role of the chief audit executive. In addition tocommunicating and reporting to the audit com-mittee on audit-related matters, the CAE isresponsible for developing and maintaining aquality assurance and improvement programthat covers all aspects of internal audit activity,and for continuously monitoring the effective-ness of the audit function. The CAE and/orsenior staff should effectively manage and moni-tor all aspects of audit work on an ongoingbasis, including any audit work that isoutsourced.9

2060.07.1.2.3 The Adequacy of theInternal Audit Function’s Processes

Internal audit should have an understanding ofthe institution’s strategy and operating processesas well as the potential impact of current marketand macroeconomic conditions on the financialinstitution. Internal audit’s risk-assessmentmethodology is an integral part of the evalua-tion of overall policies, procedures, and controlsat the institution and the development of a planto test those processes.

Audit methodology. Internal audit should ensurethat it has a well-developed risk-assessmentmethodology that drives its risk-assessment pro-cess. The methodology should include an analy-sis of cross-institutional risk and thematic con-trol issues and address its processes andprocedures for evaluating the effectiveness ofrisk management, control, and governance pro-cesses. The methodology should also addressthe role of continuous monitoring in determin-ing and evaluating risk, as well as internalaudit’s process for incorporating other risk iden-tification techniques that the institution’s man-agement utilizes such as a risk and control self-assessment (RCSA). The components of aneffective methodology should support the inter-nal audit function’s assessment of the controlenvironment, beginning with an evaluation ofthe audit universe.

Audit universe. Internal audit should have effec-tive processes to identify all auditable entitieswithin the audit universe. The number of audit-able entities will depend upon whether entitiesare captured at individual department levels orat other aggregated organizational levels. Inter-nal audit should use its knowledge of the institu-tion to determine whether it has identified allauditable entities and may use the general led-ger, cost centers, new product approval pro-cesses, organization charts, department listings,knowledge of the institution’s products and ser-vices, major operating and application systems,significant laws and regulations, or other data.The audit universe should be documented andreviewed periodically as significant organiza-tional changes occur or at least during theannual audit planning process.

Internal audit risk assessment. A risk assess-ment should document the internal audit staff’sunderstanding of the institution’s significantbusiness activities and the associated risks.These assessments typically analyze the risksinherent in a given business line or process, themitigating control processes, and the resultingresidual risk exposure to the institution.

A comprehensive risk assessment shouldeffectively analyze the key risks (and the criticalrisk-management functions) within the institu-tion and prioritize audit entities within the audituniverse. The risk-assessment process should bewell documented and dynamic, reflectingchanges to the system of internal controls, infra-structure, work processes, and new or changed

9. The ongoing review of audit work should include riskassessments of audit entities and elements, scope documents,audit programs, detailed audit procedures and steps (includingsampling methodologies), audit work papers, audit findings,and monitoring of the timely and effective resolution of auditissues.



business lines or laws and regulations. The riskassessments should also consider thematic con-trol issues, risk tolerance, and governancewithin the institution. Risk assessments shouldbe revised in light of changing market condi-tions or laws and regulations and updated dur-ing the year as changes are identified in thebusiness activities of the institution or observedin the markets in which the institution operates,but no less than annually. When the risk assess-ment indicates a change in risk, the audit planshould be reviewed to determine whether theplanned audit coverage should be increased ordecreased to address the revised assessment ofrisk.

Risk assessments should be formally docu-mented and supported with written analysis ofthe risks.10 There should be risk assessments forcritical risk-management functions within theinstitution. Risk assessments may be quantita-tive or qualitative and may include factors suchas the date of the last audit, prior audit results,the impact and likelihood of an event occurring,and the status of external vendor relationships.A management RCSA, if performed, may beconsidered by the internal audit function indeveloping its independent risk assessment. Theinternal audit risk assessment should alsoinclude a specific rationale for the overall audit-able entity risk score. The overall disposition ofthe risk assessment should be summarized withconsideration given to key performance or riskindicators and prior audit results. A high-levelsummary or discussion of the risk-assessmentresults should be provided to the audit commit-tee and include the most significant risks facingthe institution as well as how these risks havebeen addressed in the internal audit plan.

Internal audit plan. Internal audit should developand periodically revise its comprehensive auditplan and ensure that audit coverage for allidentified, auditable entities within the audituniverse is appropriate for the size andcomplexity of the institution’s activities. Thisshould be accomplished either through amultiyear plan approach, with the plan revisedannually, or through an approach that utilizes aframework to evaluate risks annually focusing onthe most significant risks. In the latter approach,there should be a mechanism in place to identify

when a significant risk will not be audited in thespecified timeframe and a requirement to notifythe audit committee and seek its approval of anyexception to the framework. Generally, commonpractice for institutions with defined audit cyclesis to follow either a three- or four-year auditcycle; high-risk areas should be audited at leastevery twelve to eighteen months.11

The internal audit plan should consider therisk assessment and internal audit’s approach toaudit coverage should be appropriate based onthe risk assessment. An effective plan coversindividual business areas and risk disciplines aswell as cross-functional and cross-institutionalareas.

The audit planning process should bedynamic, allowing for change when necessary.The process should include a process for modi-fying the internal audit plan to incorporate sig-nificant changes that are identified eitherthrough continuous monitoring or during anaudit. Any significant changes should be clearlydocumented and included in quarterly commu-nications to the audit committee. Critical data tobe reported to the audit committee shouldinclude deferred or cancelled audits rated high-risk and other significant additions or deletions.Significant changes to audit budgets and timeli-ness for the completion of audits should bereported to the audit committee with docu-mented rationale.

Internal audit continuous monitoring. Internalaudit is encouraged to utilize formal continuousmonitoring practices as part of the function’srisk-assessment processes to support adjust-ments to the audit plan or universe as theyoccur. Continuous monitoring can be conductedby an assigned group or individual internal audi-tors. An effective continuous monitoring pro-cess should include written standards to ensureconsistent application of processes throughoutthe organization.

Continuous monitoring results should bedocumented through a combination of metrics,management reporting, periodic audit summa-ries, and updated risk assessments to substanti-ate that the process is operating as designed.Critical issues identified through the monitoringprocess should be communicated to the auditcommittee. Computer-assisted auditing tech-niques are useful tools to highlight issues thatwarrant further consideration within a continu-ous monitoring process.10. For example, risks include credit, market, operational,

liquidity, compliance, IT, fraud, political, legal, regulatory,strategic, and reputational.

11. Regardless of the institution’s practice, particular careshould be taken to ensure that higher-risk elements arereviewed with an appropriate frequency, and not obscured dueto their inclusion in a lower risk-rated audit entity.



2060.07.1.2.4 Internal Audit Performanceand Monitoring Processes

Performance. Detailed guidance related to theperformance of an internal audit should be docu-mented in the audit manual12 and work pro-grams to ensure that audit execution is consis-tent across the audit function. Internal auditpolicies and procedures should be designed toensure that audits are executed in a high-qualitymanner, their results are appropriately commu-nicated, and issues are monitored and appropri-ately resolved. In performing internal auditwork, an institution should consider thefollowing.

• Internal audit scope: During the audit plan-ning process, internal audit should analyze theauditable entity’s specific risks, mitigatingcontrols, and level of residual risk. The infor-mation gathered during the audit planningphase should be used to determine the scopeand specific audit steps that should be per-formed to test the adequacy of the design andoperating effectiveness of control processes.

• Internal audit work papers: Work papersdocument the work performed, observationsand analyses made, and support for the con-clusions and audit results. The work papersshould contain sufficient information regard-ing any scope or audit program modificationsand waiver of issues not included in the finalreport. Work papers also should document thespecific sampling methodology, includingminimum sample sizes, and the rationale forsuch methodology. The work papers shouldcontain information that reflects all phases ofthe audit process including planning, field-work, reporting, and issues tracking andfollow-up. On an ongoing basis, a comprehen-sive supervisory review should be performedon all audit work, including any outsourcedinternal audit procedures.13

• Audit report: Internal audit should have effec-tive processes to ensure that issues are com-municated throughout the institution and auditissues are addressed in a timely manner. Theaudit report should include an executive sum-mary that describes the auditable area, audit’s

conclusions, the rationale for those conclu-sions, and key issues. Most audit reports alsoinclude management’s action plans to addressaudit findings. To ensure that identified issuesare addressed in a timely manner, reportsshould be issued to affected business areas,senior management, and the audit committeewithin an appropriate timeframe after thecompletion of field work. Compliance withissuance timeframes should be monitored andreported periodically to the audit committee.At a minimum, internal audit should ensurethat management considers the level and sig-nificance of the risk when assigning resourcesto address and remediate issues. Managementshould appropriately document the actionplans either within the audit report orseparately.

• Internal audit issues tracking: Internal auditshould have effective processes in place totrack and monitor open audit issues and tofollow-up on such issues. The timely remedia-tion of open audit issues is an essential com-ponent of an organization’s risk reductionefforts. Internal audit and the responsiblemanagement should discuss and agree to anappropriate resolution date, based on the levelof work necessary to complete remediationprocesses. When an issue owner indicates thatwork to close an issue is completed, the inter-nal audit function should perform validationwork prior to closing the issue. The level ofvalidation necessary may vary based on theissue’s risk level. For higher-risk issues, inter-nal audit should perform and document sub-stantive testing to validate that the issue hasbeen resolved. Issues should be tested over anappropriate period of time to ensure the sus-tainability of the remediation.

Retrospective review processes. When anadverse event occurs at an institution (for exam-ple, fraud or a significant loss), managementshould conduct a post-mortem and ‘‘lessonslearned’’ analysis. In these situations, internalaudit should ensure that such a review takesplace and appropriate action is taken to remedi-ate identified issues. The internal audit functionshould evaluate management’s analysis of thereasons for the event and whether the adverseevent was the result of a control breakdown orfailure, and identify the measures that should beput in place to prevent a similar event fromoccurring in the future. In certain situations, the

12. To facilitate effective, efficient, and consistent practicewithin the internal audit department, an institution shoulddevelop an audit manual that includes comprehensive policiesand procedures and is made available to all internal auditstaff. The manual should be updated as needed.

13. An experienced audit manager should perform thisreview.



internal audit function should conduct its ownpost-mortem and a ‘‘lessons learned’’ analysisoutlining the remediation procedures necessaryto detect, correct, and/or prevent future internalcontrol breakdowns (including improvements ininternal audit processes).

Quality assurance and improvement program.A well-designed, comprehensive quality assur-ance program should ensure that internal auditactivities conform to the IIA’s professional stan-dards and the institution’s internal audit policiesand procedures. The program should includeboth internal and external quality assessments.

The internal audit function should developand document its internal assessment programto promote and assess the quality and consis-tency of audit work across all audit groups withrespect to policies, procedures, audit perfor-mance, and work papers. The quality assurancereview should be performed by someone inde-pendent of the audit work being reviewed. Con-clusions reached and recommendations forappropriate improvement in internal audit pro-cess or staff training should be implemented bythe CAE through the quality assurance andimprovement program. Action plan progressshould be monitored and subsequently closedafter a period of sustainability. Each institutionshould conduct an internal quality assessmentannually and the CAE should report the resultsand status of internal assessments to senior man-agement and the audit committee at leastannually.

The IIA recommends that an external qualityassessment of internal audit be performed by aqualified independent party at least once everyfive years. The review should address compli-ance with the IIA’s definition of internal audit-ing, code of ethics, and standards, as well aswith the internal audit function’s charter, poli-cies and procedures, and any applicable legisla-tive and regulatory requirements. The CAEshould communicate the results, plannedactions, and status of remediation efforts tosenior management and the audit committee.

2060.07.1.3 Internal Audit OutsourcingArrangements (Part II of the 2003 PolicyStatement)

As stated in the 2003 Policy Statement, an insti-tution’s board of directors and senior manage-ment are charged with the overall responsibility

for maintaining an effective system of internalcontrols. Responsibility for maintaining aneffective system of internal controls cannot bedelegated to a third party. An institution thatchooses to outsource audit work should ensurethat the audit committee maintains ownership ofthe internal audit function. The institution’saudit committee and CAE should provide activeand effective oversight of outsourced activities.Institutions should carefully consider the over-sight responsibilities that are consequential tothese types of arrangements in determiningappropriate staffing levels.

To distinguish its duties from those of theoutsourcing vendor, the institution should havea written contract, which may take the form ofan engagement letter or similar services agree-ment. Contracts between the institution and thevendor should include a provision stating thatwork papers and any related non-public confi-dential information and personal informationmust be handled by the vendor in accordancewith applicable laws and regulations. An institu-tion should periodically confirm that the vendorcontinues to comply with the agreed-upon confi-dentiality requirements, especially for long-termcontracts. The audit committee should approveall significant aspects of outsourcing arrange-ments and should receive information on auditdeficiencies in a manner consistent with thatprovided by the in-house audit department.

2060.07.1.3.1 Vendor Competence

An institution should have appropriate policiesand procedures governing the selection andoversight of internal audit vendors, includingwhether to continue with an existing outsourcedarrangement. The audit committee and the CAEare responsible for the selection and retention ofinternal audit vendors and should be aware offactors that may impact vendors’ competenceand ability to deliver high-quality audit services.

2060.07.1.3.2 Contingency Planning

An institution’s contingency plan should takeinto consideration the extent to which the insti-tution relies upon outsourcing arrangements.When an institution relies significantly on theresources of an internal audit service provider,the institution should have contingency proce-dures for managing temporary or permanentdisruptions in the service in order to ensure thatthe internal audit function can meet its intendedobjectives.



2060.07.1.3.3 Quality of Audit Work

The quality of audit work performed by thevendor should be consistent with the institu-tion’s standards of work expected to be per-formed by an in-house internal audit depart-ment. Further, information supplied by thevendor should provide the board of directors, itsaudit committee, and senior management withan accurate report on the control environment,including any changes necessary to enhancecontrols.

2060.07.1.4 Independence Guidance forthe Independent Public Accountant (PartIII of the 2003 Policy Statement)

The following discussion supplements the dis-cussion in Part III of the 2003 Policy Statementand addresses additional requirements regardingauditor independence for depository institutionssubject to section 36 of the FDI Act (as amendedin 2009).

2060.07.1.4.1 Depository InstitutionsSubject to the Annual Audit andReporting Requirements of Section 36 ofthe FDI Act

The July 2009 amendments to section 36 of theFDI Act (applicable to insured depository insti-tutions with total assets of $500 million or more)require an institution’s external auditor to fol-low the more restrictive of the independencerules issued by the AICPA, SEC, and PCAOB.In March 2003, the SEC prohibited a registeredpublic accounting firm that is responsible forfurnishing an opinion on the consolidated orseparate financial statements of an audit clientfrom providing internal audit services to thatsame client.14 Therefore, by following the morerestrictive independence rules, a depositoryinstitution’s external auditor is precluded fromperforming internal audit services, either on aco-sourced or an outsourced basis, even if theinstitution is not a public company.

2060.07.1.5 Examination Guidance (PartIV of the 2003 Policy Statement)

The following discussion supplements the exist-ing guidance in Part IV of the 2003 Policy

Statement on examination guidance and dis-cusses the overall effectiveness of an institu-tion’s internal audit function and the examiner’sreliance on internal audit.

2060.07.1.5.1 Determining the OverallEffectiveness of Internal Audit

An effective internal audit function is a vehicleto advance an institution’s safety and soundnessand compliance with consumer laws and regula-tions and is therefore considered as part of thesupervisory review process. Federal Reserveexaminers will make an overall determination asto whether the internal audit function and itsprocesses are effective or ineffective andwhether examiners can potentially rely uponinternal audit’s work as part of the supervisoryreview process. If internal audit’s overall pro-cesses are deemed effective, examiners may beable to rely on the work performed by internalaudit depending on the nature and risk of thefunctions subject to examination.

The supervisory assessment of internal auditand its effectiveness will consider an institu-tion’s application of the 2003 Policy Statementand this supplemental guidance. An institution’sinternal audit function generally would be con-sidered effective if the institution’s internal auditfunction structure and practices are consistentwith the 2003 Policy Statement and this guid-ance.

Conversely, an institution’s internal auditfunction that does not follow the enhanced prac-tices and supplemental guidance outlined in thispolicy letter generally will be considered inef-fective. In such a case, examiners will not relyon the institution’s internal audit function.

Examiners will inform the CAE as to whetherthe function is deemed to be effective or ineffec-tive. Internal audit’s overall processes could bedeemed effective even though some aspects ofthe internal audit function may requireenhancements or improvements such as addi-tional documentation with respect to specificaudit processes (for example, risk assessmentsor work papers). In these situations, the requiredenhancements or improvements generallyshould not be a critical part of the overall inter-nal audit function, or the function should bedeemed to be ineffective.

14. See SEC final rule, ‘‘Strengthening the Commission’sRequirements Regarding Auditor Independence,’’ at 17 CFRparts 210, 240, 249 and 274.



2060.07.1.5.2 Relying on the WorkPerformed by Internal Audit

Examiners may rely on internal audit at super-vised institutions if internal audit was deemedeffective at the most recent examination of inter-nal audit. In examining an institution’s internalaudit function, examiners will supplement theirexamination procedures through continuousmonitoring and an assessment of key elementsof internal audit, including (1) the adequacy andindependence of the audit committee; (2) theindependence, professional competence, andquality of the internal audit function; (3) thequality and scope of the audit methodology,audit plan, and risk assessment; and (4) theadequacy of audit programs and work paperstandards. On at least an annual basis, examin-ers should review these key elements to deter-mine whether there have been significantchanges in the internal audit infrastructure orwhether there are potential concerns regardingtheir adequacy.

Examiners may choose to rely on the work ofinternal audit when internal audit’s overall func-tion and related processes are effective andwhen recent work was performed by internalaudit in an area where examiners are performingexamination procedures. For example, if aninternal audit department performs internal auditwork in an area where examiners might alsoreview controls, examiners may evaluatewhether they can rely on the work of internalaudit (and either eliminate or reduce the testingscheduled as part of the regulatory examinationprocesses). In high-risk areas, examiners willconsider whether additional examination workis needed even where internal audit has beendeemed effective and its work reliable.

* * * * * * * * * * *

(End of the January 23, 2013, SupplementalPolicy Statement)



Audit(Management Information Systems) Section 2060.1


Effective January 2016, this section has beenrevised to incorporate the January 15, 2016“Interagency Advisory on External Audits ofInternationally Active U.S. Financial Institu-tions.” The federal banking agencies issued theinteragency advisory to communicate their sup-port for the principles and expectations set forthin parts 1 and 2 of the Basel Committee onBanking Supervision’s March 2014 guidance on“External audits of banks.” “InternationallyActive Banks” is defined in the advisory. Referto subsection 2060.1.8 and SR-16-2 and itsattachment.

2060.1.1 INTERNAL AND EXTERNALAUDIT PROGRAMS AND ACTIVITIES

Audit is an independent appraisal activity thatserves as a managerial control within an organi-zation. The primary responsibility for the main-tenance of sound systems of internal controlsand an adequate internal audit program restswith the directorate of the bank holding com-pany. Included among the objectives of a com-prehensive audit program are the detection ofirregularities; the determination of compliancewith applicable laws and regulations; and theappraisal of the soundness and adequacy ofaccounting, operating, and administrative con-trols designed to ensure prompt and accuraterecording of transactions and proper safeguard-ing of assets. At a minimum, an audit programshould ensure that adequate systems of checksand balances are in effect to deter fraud anddetect control deficiencies.

The size and complexity of a bank holdingcompany operation are major determinants inthe scope and extent of the audit program that isdeveloped. In the smaller, less sophisticatedorganizations, such as holding company shellsfor small banks, it may not be feasible to employan auditor or implement an audit program. Insome cases, such as those in which bankingassets represent virtually all of the parent com-pany’s assets and a comprehensive, effectiveaudit program is being implemented in the vari-ous subsidiaries, neither an internal nor an exter-nal audit program may be necessary at the par-ent company level.

The development and implementation of aninternal audit program should be delegated to aqualified staff large enough to meet the func-

tional requirements of the job under the guid-ance and leadership of the auditor. When evalu-ating the effectiveness of an internal auditprogram, the examiner may want to consider thesize of audit staffs of banking organizations of asimilar size and complexity. To ensure freedomof access to corporate records and completeindependence and objectivity in administeringthe audit program, the auditor should reportdirectly to the directorate or a committeethereof. Administratively, the internal auditor isusually responsible to an officer at a major poli-cymaking level.

To supplement the internal audit activities,external accountants-auditors may be engagedto certify or audit the financial statements orspecified activities of the bank holding companyand its subsidiaries. Each top-tier bank holdingcompany with total consolidated assets of $500million or more must engage independent pub-lic accountants to perform audits and report onits annual financial statements in accordancewith generally accepted accounting principles.The scope of the audit engagement must besufficient to permit such accountant to deter-mine and report whether the financial statementsare presented fairly and in accordance with gen-erally accepted accounting principles. Bankholding companies do not have to submitaudited financial statements as part of therequirements for the FR Y-6 annual report. TheFederal Reserve may request audited consoli-dated financial statements from any bank hold-ing company with total consolidated assets ofless than $500 million if deemed warranted forsupervisory purposes.

The internal and external auditors shouldwork together in establishing the scope and fre-quency of audits to be performed. In addition toperforming some of the basic functions of theinternal auditor, the external auditor shouldreview the internal auditing program to assessits scope and adequacy. When a bank holdingcompany is perhaps too small to employ aninternal audit staff, but when the complexitiesand activities of the organization suggest theneed for an audit, the holding company shouldconsider hiring an external auditor. Indepen-dence and objectivity are mandatory in any auditprogram, and these are difficult to maintain ifthe audit function is a part-time responsibility.When external auditors are employed to per-form the internal audit function, they should be


permitted to establish the scope of their auditsand schedule surprise audits. They also shouldbe given responsibility for suggesting systemsand organizational duty assignments for maxi-mum control consistent with the size of theorganization.

2060.1.2 EXTERNAL AUDITORS ANDTHE RELEASE OF REQUIREDINFORMATION

The enactment of the Financial InstitutionsReform, Recovery, and Enforcement Act(FIRREA) on August 9, 1989, requires thatFDIC-insured depository institutions that arebeing audited provide their independent auditorswith information concerning their financial con-dition and any supervisory actions being takenagainst them. Specifically, section 36(h)(1) ofthe Federal Deposit Insurance Act (12 U.S.C.1831m(h)(1)) (the FDI Act) requires an insureddepository institution that has engaged the ser-vices of an independent auditor to perform anaudit within the past two years to provide theauditor with—

1. a copy of the most recent report of conditionmade by the institution (pursuant to the FDIAct or any other provision of law) and acopy of the most recent report of examina-tion received by the institution;

2. a copy of any supervisory memorandum ofunderstanding with such institution and anywritten agreement between a federal or statebanking agency and the depository institu-tion that is in effect during the period cov-ered by the audit; and

3. a report of any action initiated or taken by afederal banking agency during the periodcovered by the audit under subsection (a),(b), (c), (e), (g), (i), (s), or (t) of section 8 ofthe FDI Act or of any similar action taken bya state banking agency under state law, orany other civil money penalty assessed underany other provision of law with respect to thedepository institution or any affiliated party.

External auditors who are serving as agentsof a bank holding company may, with theapproval of the organization, review examina-tion or inspection reports and supervisory corre-spondence received and communicate withexaminers. Examiners should remind externalauditors of their responsibility to maintain the

confidentiality of the reports and other supervi-sory communications reviewed as part of theirengagement. See also the Board’s rules on therelease of confidential supervisory information(12 C.F.R. 261, subpart C).

2060.1.3 EXTERNAL AUDITORINQUIRIES

In some situations, examiners may not be ableto fully respond to external auditors’ inquirieson certain matters relating to examinations stillin progress. The examiners’ findings may beincomplete or may be under review by highersupervisory authorities within the FederalReserve System. In addition, as a general prac-tice, examiners will normally only discuss withexternal auditors issues and inspection findingsthat have been presented to the bank holdingcompany’s management. These situations relateprimarily to the timing of the auditors’ inquiriesin relation to the stage of inspection work and,thus, should not automatically preclude an audi-tor from expressing an opinion on the organiza-tion’s financial statements.

2060.1.4 UNSAFE AND UNSOUNDUSE OF LIMITATION-OF-LIABILITYPROVISIONS IN EXTERNAL AUDITENGAGEMENT LETTERS

On February 9, 2006, the Federal Reserve andthe other financial institution regulatory agen-cies (the agencies)1 issued an interagency advi-sory (the advisory) to address safety-and-soundness concerns that may arise whenfinancial institutions enter into external auditcontracts (typically referred to as engagementletters) that limit the auditors’ liability for auditservices.2 The advisory informs financial institu-tions’3 boards of directors, audit committees,management, and external auditors of the safety-and-soundness implications that may arise whenthe financial institution enters into engagementletters that contain provisions to limit the audi-tors’ liability.

The advisory does not apply to previously

1. The Board of Governors of the Federal Reserve System(Board), the Office of the Comptroller of the Currency (OCC),the Federal Deposit Insurance Corporation (FDIC), and theNational Credit Union Administration (NCUA).

2. The advisory is effective for audit engagement lettersissued on or after February 9, 2006.

3. As used in this advisory, the term financial institutions

includes bank holding companies, banks, savings associa-tions, and savings and loan holding companies.

Audit 2060.1


executed engagement letters. However, anyfinancial institution subject to a multiyear auditengagement letter containing unsafe andunsound limitation-of-liability provisions shouldseek an amendment to its engagement letter tobe consistent with the advisory for periods end-ing in 2007 or later. (See SR-06-4.)

Limits on external auditors’ liability mayweaken the external auditors’ objectivity, impar-tiality, and performance and, thus, reduce theagencies’ ability to rely on audits. Therefore,certain limitation-of-liability provisions(described in the advisory and its appendix A;see section 2060.1.4.7) are unsafe and unsound.In addition, such provisions may not be consis-tent with the auditor-independence standards ofthe U.S. Securities and Exchange Commission(SEC), the Public Company Accounting Over-sight Board (PCAOB), and the American Insti-tute of Certified Public Accountants (AICPA).

2060.1.4.1 Scope of the Advisory onEngagement Letters

The advisory applies to engagement lettersbetween financial institutions and external audi-tors with respect to financial-statement audits,audits of internal control over financial report-ing, and attestations on management’s assess-ment of internal control over financial reporting(collectively, audit or audits).

The advisory does not apply to—

1. nonaudit services that may be performed byfinancial institutions’ external auditors,

2. audits of financial institutions’ 401(k) plans,pension plans, and other similar audits,

3. services performed by accountants who arenot engaged to perform financial institutions’audits (e.g., outsourced internal audits orloan reviews), and

4. other service providers (e.g., software con-sultants or legal advisers).

While the agencies have observed severaltypes of limitation-of-liability provisions inexternal audit engagement letters, this advisoryapplies to any agreement that a financial institu-tion enters into with its external auditor thatlimits the external auditor’s liability with respectto audits in an unsafe and unsound manner.

2060.1.4.2 External Audits and TheirEngagement Letters

A properly conducted audit provides an inde-

pendent and objective view of the reliability of afinancial institution’s financial statements. Theexternal auditor’s objective in an audit is toform an opinion on the financial statementstaken as a whole. When planning and perform-ing the audit, the external auditor considers thefinancial institution’s internal control overfinancial reporting. Generally, the external audi-tor communicates any identified deficiencies ininternal control to management, which enablesmanagement to take appropriate correctiveaction. In addition, certain financial institutionsare required to file audited financial statementsand internal control audit or attestation reportswith one or more of the agencies. The agenciesencourage financial institutions not subject tomandatory audit requirements to voluntarilyobtain audits of their financial statements. TheFFIEC’s September 1999 Interagency PolicyStatement on External Auditing Programs ofBanks and Savings Associations4 notes, ‘‘[a]ninstitution’s internal and external audit pro-grams are critical to its safety and soundness.’’The policy also states that an effective externalauditing program ‘‘can improve the safety andsoundness of an institution substantially andlessen the risk the institution poses to the insur-ance funds administered by the FDIC.’’

Typically, a written engagement letter is usedto establish an understanding between the exter-nal auditor and the financial institution regard-ing the services to be performed in connectionwith the financial institution’s audit. Theengagement letter commonly describes theobjective of the audit, the reports to be prepared,the responsibilities of management and theexternal auditor, and other significant arrange-ments (for example, fees and billing). Boards ofdirectors, audit committees, and managementare encouraged to closely review all of the pro-visions in the audit engagement letter beforeagreeing to sign. As with all agreements thataffect a financial institution’s legal rights, thefinancial institution’s legal counsel should care-fully review audit engagement letters to helpensure that those charged with engaging theexternal auditor make a fully informed decision.

The advisory describes the types of objection-able limitation-of-liability provisions and pro-vides examples.5 Financial institutions’ boards

4. See 64 Fed. Reg. 52,319 (September 28, 1999).5. In the majority of external audit engagement letters

reviewed, the agencies did not observe provisions that limitedan external auditor’s liability. However, for those reviewedexternal audit engagement letters that did have external audi-

Audit 2060.1


of directors, audit committees, and managementshould also be aware that certain insurance poli-cies (such as error and omission policies anddirectors’ and officers’ liability policies) mightnot cover losses arising from claims.

2060.1.4.3 Limitation-of-LiabilityProvisions

The provisions of an external audit engagementletter that the agencies deem to be unsafe andunsound can be generally categorized as fol-lows: a provision within an agreement betweena client financial institution and its externalauditor that effectively—

1. indemnifies the external auditor againstclaims made by third parties;

2. holds harmless or releases the external audi-tor from liability for claims or potentialclaims that might be asserted by the clientfinancial institution, other than claims forpunitive damages; or

3. limits the remedies available to the clientfinancial institution, other than punitivedamages.

Collectively, these categories of provisionsare referred to in this advisory as limitation-of-liability provisions.

Provisions that waive the right of financialinstitutions to seek punitive damages from theirexternal auditor are not treated as unsafe andunsound under the advisory. Nevertheless,agreements by clients to indemnify their audi-tors against any third-party damage awards,including punitive damages, are deemed unsafeand unsound under the advisory. To enhancetransparency and market discipline, publicfinancial institutions that agree to waive claimsfor punitive damages against their external audi-tors may want to disclose annually the nature ofthese arrangements in their proxy statements orother public reports.

Many financial institutions are required tohave their financial statements audited, whileothers voluntarily choose to undergo suchaudits. For example, federally insured banks

with $500 million or more in total assets arerequired to have annual independent audits.6

Furthermore, financial institutions that are pub-lic companies7 must have annual independentaudits. Certain savings associations (for exam-ple, those with a CAMELS rating of 3, 4, or 5)and savings and loan holding companies arealso required by OTS’s regulations to haveannual independent audits.8 The agencies relyon the results of audits as part of their assess-ment of a financial institution’s safety andsoundness.

For audits to be effective, the external audi-tors must be independent in both fact andappearance, and they must perform all neces-sary procedures to comply with auditing andattestation standards established by either theAICPA or, if applicable, the PCAOB. Whenfinancial institutions execute agreements thatlimit the external auditors’ liability, the externalauditors’ objectivity, impartiality, and perfor-mance may be weakened or compromised, andthe usefulness of the audits for safety-and-soundness purposes may be diminished.

By their very nature, limitation-of-liabilityprovisions can remove or greatly weaken exter-nal auditors’ objective and unbiased consider-ation of problems encountered in audit engage-ments and may diminish auditors’ adherence tothe standards of objectivity and impartialityrequired in the performance of audits. The exis-tence of such provisions in external auditengagement letters may lead to the use of lessextensive or less thorough procedures thanwould otherwise be followed, thereby reducingthe reliability of audits. Accordingly, financialinstitutions should not enter into external auditarrangements that include unsafe and unsoundlimitation-of-liability provisions identified in theadvisory, regardless of (1) the size of the finan-cial institution, (2) whether the financial institu-tion is public or not, or (3) whether the externalaudit is required or voluntary.

2060.1.4.4 Auditor Independence

Currently, auditor-independence standard-settersinclude the SEC, PCAOB, and AICPA. Depend-ing on the audit client, an external auditor issubject to the independence standards issued byone or more of these standard-setters. For all

tor limited-liability provisions, the agencies noted a signifi-cant increase in the types and frequency of the provisions. Theprovisions took many forms, which made it impractical forthe agencies to provide an all-inclusive list. Examples ofauditor limitation-of-liability provisions are illustrated in theadvisory’s appendix A. See section 2060.1.4.7.

6. For banks and savings associations, see section 36 of theFDI Act (12 U.S.C. 1831m) and part 363 of the FDIC’sregulations (12 C.F.R. 363).

7. Public companies are companies subject to the reportingrequirements of the Securities Exchange Act of 1934.

8. See OTS regulation at 12 C.F.R. 563.4.

Audit 2060.1


nonpublic financial institutions that are notrequired to have annual independent audits, theFDIC’s rules, pursuant to part 363 (or section562.4 of the OTS’s regulations) require onlythat an external auditor meet the AICPA inde-pendence standards. The rules do not require thefinancial institution’s external auditor to complywith the independence standards of the SEC andthe PCAOB.

In contrast, for financial institutions subject tothe audit requirements in part 363 of the FDIC’sregulations (or in section 562.4 of the OTSregulations), the external auditor should be incompliance with the AICPA’s Code of Profes-sional Conduct and meet the independencerequirements and interpretations of the SEC andits staff.9 In this regard, in a December 13, 2004,frequently asked question (FAQ) on the applica-tion of the SEC’s auditor-independence rules,the SEC staff reiterated its long-standing posi-tion that when an accountant and his or herclient enter into an agreement that seeks toprovide the accountant immunity from liabilityfor his or her own negligent acts, the accountantis not independent. The SEC’s FAQ also statedthat including in engagement letters a clausethat would release, indemnify, or hold theauditor harmless from any liability and costsresulting from knowing misrepresentations bymanagement would impair the auditor’sindependence. The FAQ is consistent with theSEC’s Codification of Financial Reporting Poli-cies, section 602.02.f.i, ‘‘Indemnification by Cli-ent.’’ (See section 2060.1.4.8.)

On the basis of the SEC guidance and theagencies’ existing regulations, certain limits onauditors’ liability are already inappropriate inaudit engagement letters entered into by—

1. public financial institutions that file reportswith the SEC or with the agencies,

2. financial institutions subject to part 363,10

and3. certain other financial institutions that are

required to have annual independent audits.

In addition, certain of these limits on audi-tors’ liability may violate the AICPA indepen-dence standards. Notwithstanding the potentialapplicability of auditor-independence standards,the limitation-of-liability provisions discussedin the advisory present safety-and-soundnessconcerns for all financial institution audits.

2060.1.4.5 Alternative Dispute-ResolutionAgreements and Jury-Trial Waivers

The agencies observed that a review of theengagement letters of some financial institutionsrevealed that they had agreed to submit disputesover external audit services to mandatory andbinding alternative dispute resolution, bindingarbitration, or other binding nonjudicial dispute-resolution processes (collectively, mandatoryADR) or to waive the right to a jury trial. Byagreeing in advance to submit disputes to man-datory ADR, financial institutions may waivethe right to full discovery, limit appellatereview, or limit or waive other rights and pro-tections available in ordinary litigationproceedings.

Mandatory ADR procedures and jury-trialwaivers may be efficient and cost-effective toolsfor resolving disputes in some cases. Accord-ingly, the agencies believe that mandatory ADRor waiver of jury-trial provisions in externalaudit engagement letters do not present safety-and-soundness concerns, provided that theengagement letters do not also incorporatelimitation-of-liability provisions. Institutions areencouraged to carefully review mandatory ADRand jury-trial provisions in engagement letters,as well as review any agreements regardingrules of procedure, and to fully comprehend theramifications of any agreement to waive anyavailable remedies. Financial institutions shouldensure that any mandatory ADR provisions inaudit engagement letters are commercially rea-sonable and—

1. apply equally to all parties,2. provide a fair process (for example, neutral

decision makers and appropriate hearing pro-cedures), and

3. are not imposed in a coercive manner.

2060.1.4.6 The Advisory’s Conclusion

Financial institutions’ boards of directors, auditcommittees, and management should not enterinto any agreement that incorporates limitation-of-liability provisions with respect to audits. Inaddition, financial institutions should documenttheir business rationale for agreeing to any otherprovisions that limit their legal rights.

The inclusion of limitation-of-liability provi-sions in external audit engagement letters andother agreements that are inconsistent with the

9. See part 363 of the FDIC’s regulation (12 C.F.R. 363),Appendix A—Guidelines and Interpretations, Guideline 14,

‘‘Role of the Independent Public Accountant-Independence.’’

10. See also the OTS’s regulation (12 C.F.R. 562.4).

Audit 2060.1


advisory will generally be considered an unsafeand unsound practice. Examiners will considerthe policies, processes, and personnel surround-ing a financial institution’s external auditingprogram in determining whether (1) the engage-ment letter covering external auditing activitiesraises any safety-and-soundness concerns and(2) the external auditor maintains appropriateindependence regarding relationships with thefinancial institution under relevant professionalstandards. The agencies may take appropriatesupervisory action if unsafe and unsoundlimitation-of-liability provisions are included inexternal audit engagement letters or other agree-ments related to audits that are executed(accepted or agreed to by the financialinstitution).

2060.1.4.7 Examples of Unsafe andUnsound Limitation-of-LiabilityProvisions

The following information was contained inappendix A of the February 9, 2006, inter-agency advisory.

Presented below are some of the types oflimitation-of-liability provisions (with an illus-trative example of each type) that the agenciesobserved in financial institutions’ external auditengagement letters. The inclusion in externalaudit engagement letters or agreements relatedto audits of any of the illustrative provisions(which do not represent an all-inclusive list) orany other language that would produce similareffects is considered an unsafe and unsoundpractice.

1. ‘‘Release from Liability for AuditorNegligence’’ Provision

In this type of provision, the financial institu-tion agrees not to hold the audit firm liable forany damages, except to the extent determined tohave resulted from willful misconduct orfraudulent behavior by the audit firm.

Example: In no event shall [the audit firm] beliable to the financial institution, whether aclaim be in tort, contract or otherwise, for anyconsequential, indirect, lost profit, or similardamages relating to [the audit firm’s] servicesprovided under this engagement letter, except to

the extent finally determined to have resultedfrom the willful misconduct or fraudulent behav-ior of [the audit firm] relating to such services.

2. ‘‘No Damages’’ Provision

In this type of provision, the financial institu-tion agrees that in no event will the externalaudit firm’s liability include responsibility forany compensatory (incidental or consequential)damages claimed by the financial institution.

Example: In no event will [the audit firm’s]liability under the terms of this agreementinclude responsibility for any claimed incidentalor consequential damages.

3. ‘‘Limitation of Period to File Claim’’Provision

In this type of provision, the financial institu-tion agrees that no claim will be asserted after afixed period of time that is shorter than theapplicable statute of limitations, effectivelyagreeing to limit the financial institution’s rightsin filing a claim.

Example: It is agreed by the financial institutionand [the audit firm] or any successors in inter-est that no claim arising out of services ren-dered pursuant to this agreement by, or onbehalf of, the financial institution shall beasserted more than two years after the date ofthe last audit report issued by [the audit firm].

4. ‘‘Losses Occurring During PeriodsAudited’’ Provision

In this type of provision, the financial institu-tion agrees that the external audit firm’s liabilitywill be limited to any losses occurring duringperiods covered by the external audit, and willnot include any losses occurring in later periodsfor which the external audit firm is not engaged.This provision may not only preclude the collec-tion of consequential damages for harm in lateryears, but could preclude any recovery at all. Itappears that no claim of liability could bebrought against the external audit firm until theexternal audit report is actually delivered. Undersuch a clause, any claim for liability thereaftermight be precluded because the losses did notoccur during the period covered by the externalaudit. In other words, it might limit the externalaudit firm’s liability to a period before there

Audit 2060.1


could be any liability. Read more broadly, theexternal audit firm might be liable for losses thatarise in subsequent years only if the firm contin-ues to be engaged to audit the client’s financialstatements in those years.

Example: In the event the financial institution isdissatisfied with [the audit firm’s] services, it isunderstood that [the audit firm’s] liability, ifany, arising from this engagement will be lim-ited to any losses occurring during the periodscovered by [the audit firm’s] audit, and shallnot include any losses occurring in later periodsfor which is not engaged as auditors.

5. ‘‘No Assignment or Transfer’’Provision

In this type of provision, the financial institu-tion agrees that it will not assign or transfer anyclaim against the external audit firm to anotherparty. This provision could limit the ability ofanother party to pursue a claim against the exter-nal auditor in a sale or merger of the financialinstitution, in a sale of certain assets or a line ofbusiness of the financial institution, or in asupervisory merger or receivership of the finan-cial institution. This provision may also preventthe financial institution from subrogating aclaim against its external auditor to the financialinstitution’s insurer under its directors’ and offi-cers’ liability or other insurance coverage.

Example: The financial institution agrees that itwill not, directly or indirectly, agree to assign ortransfer any claim against [the audit firm] aris-ing out of this engagement to anyone.

6. ‘‘Knowing Misrepresentations byManagement’’ Provision

In this type of provision, the financial institu-tion releases and indemnifies the external auditfirm from any claims, liabilities, and costs attrib-utable to any knowing misrepresentation bymanagement.

Example: Because of the importance of oral andwritten management representations to an effec-tive audit, the financial institution releases andindemnifies [the audit firm] and its personnelfrom any and all claims, liabilities, costs, andexpenses attributable to any knowing misrepre-sentation by management.

7. ‘‘Indemnification for ManagementNegligence’’ Provision

In this type of provision, the financial institu-tion agrees to protect the external auditor fromthird-party claims arising from the external auditfirm’s failure to discover negligent conduct bymanagement. It would also reinforce the defenseof contributory negligence in cases in which thefinancial institution brings an action against itsexternal auditor. In either case, the contractualdefense would insulate the external audit firmfrom claims for damages even if the reason theexternal auditor failed to discover the negligentconduct was a failure to conduct the externalaudit in accordance with generally acceptedauditing standards or other applicable profes-sional standards.

Example: The financial institution shall indem-nify, hold harmless, and defend and its autho-rized agents, partners, and employees from andagainst any and all claims, damages, demands,actions, costs, and charges arising out of, or byreason of, the financial institution’s negligentacts or failure to act hereunder.

8. ‘‘Damages Not to Exceed Fees Paid’’Provision

In this type of provision, the financial institu-tion agrees to limit the external auditor’s liabil-ity to the amount of audit fees the financialinstitution paid the external auditor, regardlessof the extent of damages. This may result in asubstantial unrecoverable loss or cost to thefinancial institution.

Example: [The audit firm] shall not be liable forany claim for damages arising out of or inconnection with any services provided herein tothe financial institution in an amount greaterthan the amount of fees actually paid to [theaudit firm] with respect to the services directlyrelating to and forming the basis of suchclaim.11

11. The agencies also observed a similar provision thatlimited damages to a predetermined amount not related to feespaid.

Audit 2060.1


2060.1.4.8 Frequently Asked Questionson the Application of the SEC’sAuditor-Independence Rules

The following information is contained inappendix B of the February 9, 2006, inter-agency advisory. The information is derivedfrom the SEC’s Office of Chief Accountant’sCodification of Financial Reporting Policies.

Question12

Inquiry was made as to whether an accoun-tant who certifies financial statements includedin a registration statement or annual report filedwith the commission under the Securities Act orthe Exchange Act would be considered indepen-dent if he had entered into an indemnity agree-ment with the registrant. In the particular illus-tration cited, the board of directors of theregistrant formally approved the filing of a reg-istration statement with the commission andagreed to indemnify and save harmless each andevery accountant who certified any part of suchstatement ‘‘from any and all losses, claims, dam-ages or liabilities arising out of such act or actsto which they or any of them may becomesubject under the Securities Act, as amended, orat ′common law,’ other than for their willfulmisstatements or omissions.’’

Answer

When an accountant and his client, directly orthrough an affiliate, have entered into an agree-ment of indemnity which seeks to assure to theaccountant immunity from liability for his ownnegligent acts, whether of omission or commis-sion, one of the major stimuli to objective andunbiased consideration of the problems encoun-tered in a particular engagement is removed orgreatly weakened. Such condition must fre-quently induce a departure from the standards ofobjectivity and impartiality which the conceptof independence implies. In such difficult mat-ters, for example, as the determination of thescope of audit necessary, existence of such anagreement may easily lead to the use of lessextensive or thorough procedures than wouldotherwise be followed. In other cases it may

result in a failure to appraise with professionalacumen the information disclosed by the exami-nation. Consequently, the accountant cannot berecognized as independent for the purpose ofcertifying the financial statements of the corpo-ration.

Question

Has there been any change in the commis-sion’s long-standing view (Financial ReportingPolicies—Section 600—602.02.f.i., ‘‘Indemnifi-cation by Client’’) that when an accountantenters into an indemnity agreement with theregistrant, his or her independence would comeinto question?

Answer

No. When an accountant and his or her client,directly or through an affiliate, enter into anagreement of indemnity that seeks to providethe accountant immunity from liability for his orher own negligent acts, whether of omission orcommission, the accountant is not independent.Further, including in engagement letters a clausethat a registrant would release, indemnify, orhold harmless from any liability and costsresulting from knowing misrepresentations bymanagement would also impair the firm’sindependence.


1. To review the operations of the bank holdingcompany to determine if an audit programexits.

2. To determine the independence and compe-tence of those who administer and providethe internal and external audit function.

3. To determine the adequacy of the scope andfrequency of the audit program.

4. To determine with reasonable assurance thatthe bank holding company has adequateinternal audit and external audit functionsthat ensure efficient and effective operations,including the safeguarding of assets, reliablefinancial reporting, and compliance withapplicable laws and regulations.

5. To ascertain if the bank holding company’sinternal audit function monitors, reviews, andensures the continued existence and mainte-nance of sound and adequate internal con-trols over the bank holding company’s man-agement process—the control environment,

12. The subtitles in this section have been revised for thismanual.

Audit 2060.1


risk assessment, control activities, informa-tion and communication, and monitoringactivities.

6. To review and evaluate internal audit out-sourcing arrangements and the actions of theoutsourcing vendor under the standardsestablished by the Interagency Policy State-ment on the Internal Audit Function and ItsOutsourcing.

7. To consider the policies, processes, and per-sonnel surrounding the bank holding com-pany’s external auditing program and todetermine the existence of any unsafe andunsound practices or conditions, includingwhether—a. any engagement letter or other agreement

related to external audit activities (1) pro-vides any assurances of indemnification tothe bank’s external auditors that relievesthem of liability for their own negligentacts (including any losses, claims, dam-ages, or other liabilities) or (2) raises anyother safety-and-soundness concerns; and

b. the external auditors have not maintainedappropriate independence in their relation-ships with the bank holding company, inaccordance with relevant professionalstandards.

8. To determine, based on the criteria above, ifthe work performed by internal and externalauditors is reliable.


The primary thrust of the inspection should bedirected toward the audit activities that relate tothe parent company and all subsidiaries. Anassessment of the audit function as it pertains tothe bank (or banks) is primarily the responsibil-ity of the regulatory agency that examines thatparticular bank. The examiner should review thelatest bank examination reports to note com-ments and deficiencies cited concerning internalcontrols and the audit function. In addition toproviding an input into the overall assessmentof the audit function, review of the bank exami-nation reports may provide a basis for determin-ing areas of investigation during the inspection.Further, if matters cited in the latest bank exami-nation report are deemed to be significant andindications are that corrective action has notbeen taken, the examiner should mention thefacts to senior management of the bank holdingcompany and note the details in the inspectionreport.

To judge the adequacy of the audit program,including its scope and frequency, the following

procedures, with equal emphasis being placedon the parent, bank, and nonbank subsidiaries,are recommended as minimum guidelines forthe inspection.1. Review the parent company and nonbank

operations and the audit comments inthe bank examination reports to ascertainthe adequacy of the existing audit programor the need for developing such a program,if the organization currently lacks one.

2. Review the scope of the audit function toensure that procedures are in place to coveradequately those areas that may be suscep-tible to exposure. When reviewing the auditscope, determine whether the auditor wasable to perform all the procedures necessaryto complete the audit. If not—a. establish whether the scope limita-

tions were imposed by the directorshipor management and

b. determine whether the auditor estab-lished and documented the reasons whythe scope limitations were imposed.(1) Was the auditor able to quantify the

effects of the scope limitation on thefinancial statements and the auditresults, and, if not pervasive, was aqualified opinion or disclaimer ofopinion issued?

(2) Did the auditor evaluate all possibleeffects on his ability to express anopinion on the financial statements?

(3) Were there any external circum-stances that imposed limitations onthe audit’s scope?

(4) Were alternative procedures used toaccomplish the same audit objec-tives? If so, did the use of the alterna-tive procedures justify issuance of anunqualified opinion?

3. Review the audit schedule to determine thatthe audits are satisfactorily spaced and thatall functions are audited with adequatefrequency.

4. Review audit workpapers and reports on atest-check basis for adequacy of content,satisfactory maintenance, and conformanceto audit guidelines outlined by the board ofdirectors.

5. Determine the qualifications and back-ground of the auditor and others participat-ing in the audit function.

6. To establish that the auditor has a directcommunication line to the board of direc-tors and freedom of access to all records for

Audit 2060.1


audit purposes, review audit reports andminutes of meetings held by directors or acommittee thereof.

7. Determine the entity responsible for main-taining the audit function. If a bank pro-vides audit services to affiliates, indicate themanner in which the bank is reimbursed forthe cost of such services.

8. Determine whether audit reports are submit-ted on a timely basis to—

a. the directors and senior management and

b. management in the area being audited.

9. Review responses to exceptions and recom-mendations noted in audit reports.

10. Check on the relationship between the inter-nal and any external auditors to determinewhether their activities are coordinated in amanner that effects comprehensive cover-age of the organization and at the same timeavoids duplication of effort.

11. Review the letter addressed to managementby the external auditor and determine thatsteps have been taken to correct any defi-ciencies noted. If no deficiencies were notedin the letter, inquire as to whether suchcomments were communicated to manage-ment by any other means.

12. Ascertain that the audit program is annuallyreviewed and approved by the directors.

13. If the BHC has engaged any external auditfirms to conduct audits of its financial state-ments (including their certification), auditsof internal control over financial reporting,attestations on management’s assessment ofinternal control, appraisals of the BHC’saudit function, or any internal audit or auditfunction or operational review, the exam-iner should:

a. Review the engagement letters (includ-ing past or pending engagement letters)and any agreements between the boardof directors (and the audit committee)and the external auditor, noting anyqualifications that are contained therein.

b. Review any correspondence exchangedbetween the BHC and the external audi-tor, including any letters requesting opin-ions from external auditors. Determine ifBHC management influenced any of theopinions.

c. Ascertain if any of the engagement let-ters restricted the scope of the audit inany way, including whether the letterslimited the degree of reliance to be

placed on the work of the internal auditstaff.

14. Determine if the audit engagement letters orother agreements include possible unsafeand unsound provisions or practices that—a. indemnify the external auditor against

all claims made by third parties;b. hold harmless, release, or indemnify the

external auditor from liability for claimsor potential claims that the BHC mayassert, thus providing relief from liabil-ity for the auditors’ own negligent acts,including any losses, claims, damages,or other liabilities, (other than claims forpunitive damages); or

c. limit the remedies available to the BHC(other than punitive damages).

15. Find out whether the BHC’s board of direc-tors, audit committee, and senior manage-ment closely review all of the provisions ofaudit engagement letters or other agree-ments for providing external auditing ser-vices for the bank before agreeing to sign,thus indicating the BHC’s approval andfinancial commitment.

16. Verify that the BHC has documented itsbusiness rationale for any engagement letteror other agreement provisions with externalaudit firms that limit or impair the BHC’slegal rights.

17. If new external auditors have been engaged,ascertain the reasons for such change.

18. Determine if the parent company or non-bank subsidiaries have reported any defal-cations. If so, determine if adequate con-trols have been initiated to lessen anyfurther risk and exposure.

19. Determine if the BHC’s external auditorsreceived copies of the subsidiary FDIC-insured institution’s examination and otherdesignated supervisory reports and corre-spondence required by section 36(h)(1) ofthe FDI Act.

20. Determine the degree of independence ofthe external audit firm by reviewing anyfinancial ties between the BHC, audit firm,and any of its partners or employees. Alsoreview any other relationships or potentialconflicts of interest that may exist.13

13. The Securities and Exchange Commission (SEC) hasalso released guidance relating to the independence of audi-tors for public institutions. According to SEC Rule 101, theindependence of an auditor would be impaired if there arefinancial, employment, or business relationships betweenauditors and audit clients, or if there are relationships betweenauditors and audit clients in which the auditors provide certainnonaudit services to their audit clients. Much of the languagefound in the SEC’s independence rules is incorporated in the

Audit 2060.1


The independence of the internal auditorshould be evaluated by ascertaining whether thefollowing conditions exist: (1) reports are dis-tributed directly to the board or a committeethereof or, less desirably, to an officer not con-nected with the area being reviewed; (2) thereare no relationships within the organization thatare incompatible with the internal audit func-tion; and (3) severe restrictions are not placedon the program or its scheduling by manage-ment. In order to maintain the degree of objec-tivity essential to the audit function, the exam-iner should establish that the internal auditordoes not install procedures, originate andapprove entries, or otherwise engage in anyactivity that would be subject to audit reviewand appraisal.

The examiner should consider meeting withthe audit committee and the auditor and, subse-quently, with senior bank holding companymanagement to communicate conclusions con-cerning the adequacy of the scope and fre-quency of the audit program. During the discus-sions, the examiner should concentrate ondetailing criticisms or deficiencies noted. Theauditor and senior bank holding com-pany man-agement should be made fully cognizant of theexaminer’s analyses and the comments concern-ing the audit function that will appear on therelevant pages in the inspection report.

2060.1.7 (reserved for future use)

2060.1.8 OVERVIEW:INTERAGENCY ADVISORY ONEXTERNAL AUDITS OFINTERNATIONALLY ACTIVE U.S.FINANCIAL INSTITUTIONS

The federal banking agencies (the agencies)14

issued this interagency advisory to communi-cate the agencies’ support for the principles andexpectations set forth in parts 1 and 2, respec-tively, of the Basel Committee on BankingSupervision’s (the BCBS or the Committee)March 2014 guidance on “External audits ofbanks” (hereafter, referred to as “the BCBSexternal audit guidance”).15

In supporting these principles and expecta-tions, the agencies acknowledge that the exist-ing standards and practices in the United States

are broadly consistent with the BCBS externalaudit guidance. However, because of the legaland regulatory framework in the United States,certain differences exist between the standardsand practices followed in the United States andthe principles and expectations in the BCBSexternal audit guidance. These differences areaddressed in this advisory, which also describesthe agencies’ supervisory expectations for U.S.financial institutions within the scope of thisadvisory for incorporating the principles andexpectations in the BCBS external audit guid-ance into their practices. This advisory alsooutlines examiner responsibilities related tothese supervisory expectations.

The BCBS external audit guidance isintended for “internationally active banks” andis relevant for the management, audit commit-tees, external auditors, and prudential supervi-sors of such financial institutions. The agenciesdefine “internationally active banks” in the advi-sory. (Refer to SR-16-2 and its attachment.)

2060.1.8.1 Appendix A—InteragencyAdvisory on External Audits ofInternationally Active U.S. FinancialInstitutions

Scope

The BCBS external audit guidance is intendedfor “internationally active banks” and is rel-evant for the management, audit committees,external auditors, and prudential supervisors ofsuch financial institutions. For purposes of thisadvisory, the agencies are defining “internation-ally active banks” as:

• Insured depository institutions that meeteither of the following two criteria: (1) con-solidated total assets of $250 billion or more;or (2) consolidated total on-balance sheet for-eign exposure of $10 billion or more (referredto as “core banks”); and

• U.S. depository institution holding companiesthat meet any of the following three criteria:(1) consolidated total assets (excluding assetsheld by an insurance underwriting subsidiary)of $250 billion or more; (2) consolidated totalon-balance sheet foreign exposure of $10 bil-lion or more; or (3) have a subsidiary deposi-tory institution that is a core bank.

Interagency Policy Statement on the Internal Audit Functionand Its Outsourcing. (See section 2060.05.)

14. The Board of Governors of the Federal Reserve Sys-tem, the Federal Deposit Insurance Corporation, and theOffice of the Comptroller of the Currency.

15. See www.bis.org/publ/bcbs280.pdf.

Audit 2060.1


http://www.bis.org/publ/bcbs280.pdf

In the United States, core banks are subject to12 CFR 363, the Federal Deposit InsuranceCorporation’s (FDIC) regulation on AnnualIndependent Audits and Reporting Require-ments.16 Core banks typically comply with 12CFR 363 requirements at a holding companylevel. In addition, these holding companies gen-erally are public companies that are required tofile annual, quarterly, and other periodic reportswith the U.S. Securities and Exchange Commis-sion (SEC). The Public Company AccountingOversight Board (PCAOB) regulates the exter-nal auditors of these public companies.

Background

In March 2014, the Committee published theBCBS external audit guidance to improve theexternal audit quality of banks and enhance theeffectiveness of prudential supervision, whichcontributes to financial stability. The BCBSexternal audit guidance elaborates on Core Prin-ciple 27, Financial Reporting and ExternalAudit, of the Committee’s Core Principles forEffective Banking Supervision17 by providingguidance related to bank audit committees’responsibilities in overseeing the external auditfunction. This guidance also discusses pruden-tial supervisors’ relationships with externalauditors of banks and audit oversight bodies.Additionally, the BCBS external audit guidanceincludes information relevant to external auditsof financial statements that the Committeebelieves will enhance the quality of these exter-nal audits.

The BCBS external audit guidance has twoparts:

• Part 1 provides guidance (principles) on theroles and responsibilities of audit committeesrelevant to external audits and the engage-

ment of bank supervisors with external audi-tors and external auditors’ regulators.

• Part 2 of the document (expectations) empha-sizes the proper application of existing inter-nationally accepted auditing standards. TheBCBS external audit guidance also providesrecommendations for procedures that externalauditors could perform in the execution ofbank audits to enhance audit quality.18

Supervisory Expectations Regarding theDifferences Between U.S. Standards andPractices and the BCBS External AuditGuidance

The BCBS external audit guidance builds uponinternationally accepted auditing standards andsets expectations for institutions and their exter-nal auditors. In the United States, financial insti-tutions within the scope of this advisory aredirectly or indirectly subject to the audit require-ments of 12 CFR 36319 and supervisory guid-ance related to audits of financial institutions.20

In order for a core bank to comply with theaudited financial statements requirement of 12CFR 363 at a public holding company level, theaudit must be performed in accordance withPCAOB standards. The 12 CFR 363 auditrequirements, supervisory guidance, andPCAOB standards, collectively, are generallyconsistent with the BCBS external audit guid-ance, except for the differences noted below.This advisory discusses the agencies’ supervi-sory expectations regarding these differenceswith reference to the corresponding principlesfrom part 1 and expectations from part 2 of theBCBS external audit guidance.

Part 1, Principle 2: The audit committee shouldmonitor and assess the independence of theexternal auditor.

Paragraph 49 of the BCBS external audit guid-ance indicates that an institution’s audit commit-tee should have a policy in place that stipulatesthe criteria for “tendering,” i.e., putting its exter-nal audit contract out for bid. This paragraphfurther states that the policy also should call for

16. 12 CFR 363 applies to any insured depository institu-tion with respect to any fiscal year in which its consolidatedtotal assets as of the beginning of such fiscal year are $500million or more.

17. The Committee’s Core Principles are available atwww.bis.org/publ/bcbs230.pdf. In particular, Core Principle27 states, “The supervisor determines that banks and bankinggroups maintain adequate and reliable records, prepare finan-cial statements in accordance with accounting policies andpractices that are widely accepted internationally and annu-ally publish information that fairly reflects their financialcondition and performance and bears an independent externalauditor’s opinion. The supervisor also determines that banksand parent companies of banking groups have adequate gover-nance and oversight of the external audit function.”

18. The BCBS external audit guidance acknowledges thatthe Committee does not have the authority to set professionalstandards for external auditors.

19. 12 CFR 363.3(f) requires external auditors to complywith the independence standards and interpretations of theAmerican Institute of Certified Public Accountants, the SEC,and the PCAOB.

20. For example, Interagency Policy Statement on Coordi-

nation and Communication Between External Auditors and

Examiners (July 23, 1992).

Audit 2060.1


http://www.bis.org/publ/bcbs230.pdf

the audit committee to periodically considerwhether to put the external audit contract out forbid. Consistent with 12 CFR 363, the bankingagencies encourage audit committees to estab-lish policies and procedures addressing theretention and remuneration of the external audi-tor (independent public accountant).21 In addi-tion, the external auditors of insured depositoryinstitutions subject to 12 CFR 363 must complywith the SEC’s rules regarding audit partnerrotation. Audit committees are encouraged toconsider whether their policies should explicitlyaddress the criteria for tendering the audit con-tract and whether the contract should periodi-cally be put out for bid.

Part 1, Principle 6: The supervisor and theexternal auditor should have an effective rela-tionship that includes appropriate communica-tion channels for the exchange of informationrelevant to carrying out their respective statu-tory responsibilities.

and

Part 1, Principle 7: The supervisor shouldrequire the external auditor to report to itdirectly on matters arising from an audit thatare likely to be of material significance to thefunctions of the supervisor.

Paragraphs 95 and 96 of the BCBS externalaudit guidance indicate that the auditor mayshare information about the external audit of aninstitution that may be of interest to the deposi-tory institution’s supervisor (e.g., significantrisks of material misstatements, significant orunusual transactions, evidence of managementbias, significant deficiencies or material weak-nesses in internal control over financial report-ing, and actual or suspected breaches of regula-tions or laws22), either (1) directly with thesupervisor when a safe harbor exists or (2)indirectly through the institution to the supervi-sor when a legal safe harbor does not exist.Paragraph 99 of the BCBS external audit guid-ance provides that the external auditor shouldcommunicate matters arising from the audit thatmay be of material significance to the supervi-sor when required by the legal or regulatory

framework or by a formal agreement or proto-col. According to the BCBS external audit guid-ance, “[a] matter or group of matters is normallyof material significance ... when, due either toits nature or its potential financial impact, it islikely of itself to require investigation by theregulator.”23

There is no generally applicable legal or regu-latory requirement in the United States for exter-nal auditors of banks and holding companies toreport directly to the institution’s primary fed-eral (and, if applicable, state) supervisor mattersarising from the audit that may be of materialsignificance, nor is there a legal safe harbor todo so. Insured depository institutions subject to12 CFR 363 are required to file with appropriatefederal and state supervisors copies of reportsand other written communications issued by theexternal auditor to the institution in connectionwith the external audit services provided to theinstitution. Consistent with interagency policystatements24 and practices, the agencies con-tinue to encourage open and candid communica-tion between an institution’s external auditorand the institution’s supervisors.

Part 2, Expectation 5: The external auditor of abank should identify and assess the risks ofmaterial misstatement in the bank’s financialstatements, taking into consideration the com-plexities of the bank’s activities and the effec-tiveness of its internal control environment.

and

Part 2, Expectation 6: The external auditor of abank should respond appropriately to the sig-nificant risks of material misstatement in thebank’s financial statements.

Paragraphs 157 and 168 of the BCBS externalaudit guidance set forth the Committee’s expec-tations for external auditors to (1) consider regu-latory ratios in the determination of materialityfor the audit, and (2) evaluate any identifiedaudit differences, errors, and adjustments andtheir effect on regulatory capital or regulatorycapital ratios. PCAOB standards25 and SECStaff Accounting Bulletin Topic 1.M, Material-

21. 12 CFR 363.5(a) states, “The duties of the audit com-mittee shall include the appointment, compensation, and over-sight of the independent public accountant who performsservices required under this part, and reviewing with manage-ment and the independent public accountant the basis for thereports issued under this part.”

22. See also paragraphs 90-94 of the BCBS external auditguidance.

23. See footnote 9 in the BCBS external audit guidance.24. See footnote 6 of this advisory.25. See PCAOB Auditing Standard No. 11, Consideration

of Materiality in Planning and Performing an Audit, para-graph 6, and PCAOB Auditing Standard No. 14, EvaluatingAudit Results, appendix B, paragraph B2.

Audit 2060.1


ity, indicate external auditors should considerqualitative factors (which include regulatorycapital, ratios, and disclosures) in determiningmateriality and when evaluating the effect ofaudit differences, errors, and adjustments.Therefore, the agencies expect institutions’ auditcommittees will ensure that their external audi-tors consider regulatory capital ratios in plan-ning and performing the audit. In this regard,audit committees are encouraged to inquire as tohow the external auditors factored these ratiosinto their materiality assessments.

Additionally, paragraph 166 of the BCBSexternal audit guidance recommends that theexternal auditor provide written feedback aboutthe audit engagement team’s relations with theinstitution’s internal audit function, including itsobservations on the adequacy of the work ofinternal audit, to those charged with governanceof the bank. PCAOB Auditing Standard No. 16,Communications with Audit Committees,requires the external auditor, as part of commu-nicating the overall audit strategy, to explain theextent to which the auditor plans to use the workof internal audit in an audit of the financialstatements or an audit of internal control overfinancial reporting. However, PCAOB standardsdo not require the external auditor to providewritten feedback about the audit engagementteam’s relations with the institution’s internalaudit function, including its observations on theadequacy of the work of internal audit. Theagencies encourage audit committees to con-sider requesting their external auditor to providewritten feedback about the audit engagementteam’s relations with internal audit, including itsobservations on the adequacy of the work ofinternal audit, as it relates to the audit of thefinancial statements or the audit of internal con-trol over financial reporting.

Furthermore, consistent with the March 2003Interagency Policy Statement on the InternalAudit Function and Its Outsourcing, an institu-tion’s audit committee should consider whether

the institution’s internal audit activities are con-ducted in accordance with professional stan-dards, such as the Institute of Internal Auditors’(IIA) International Professional PracticesFramework (previously known as the Standardsfor the Professional Practice of Internal Audit-ing). Audit committees may look to the IIA’sFramework for guidance for both internal andexternal assessments of the internal audit func-tion.

Examiner Responsibilities

Examiners should evaluate any actions taken byinstitutions within the scope of this advisory andtheir audit committees to ensure such actionsare consistent with the objectives of this advi-sory and the BCBS external audit guidance.Where there are differences between the BCBSexternal audit guidance and U.S. standards,examiners should encourage institutions’ auditcommittees to follow the practices identified inthis advisory.

Conclusion

External auditors play an important role in con-tributing to financial stability when they deliverquality audits, which foster market confidencein institutions’ financial statements. Qualityaudits are also a valuable complement to thesupervisory process. The agencies support theprinciples and expectations set forth in theBCBS external audit guidance becauseenhanced audit quality is an important factor inensuring the safety and soundness of U.S. insti-tutions. Institutions and their external auditorsare expected to comply with existing laws, regu-lations, and professional standards, as applica-ble, including those referenced in this advisory.

Audit 2060.1


Management Information Systems(Budget) Section 2060.2

An assessment of management’s strategic plansand its success in meeting previously estab-lished budgetary goals is one of the factorsconsidered in evaluating a BHC’s management,operations, financial condition, and prospects.1

Through review of the budget figures, insightcan be gained concerning an organization’sfuture plans and other matters such as capitaladequacy, liquidity, sources and applications offunds, level and quality of earnings, and perfor-mance of management.

The budget is a coordinated financial planused to estimate and control all or a few of theactivities of the various divisions or subsidiariesin a bank holding company. Based on an assess-ment of future economic developments and con-ditions, management formulates a plan of actionand indicates anticipated changes in the balance-sheet accounts and profitability (predicated onimplementation of the plan). The budget is asignificant management tool in that it projectsexpected results and also serves as an importantcheck on management decisions and perfor-mance by providing a basis for comparison andcorrective action on a timely basis. The com-parison of actual performance to budget allowsmanagement to give careful attention to variouspossible courses of action and to choose thecourse which should result in the greatest bene-fit. Budgeting is also useful in measuring theperformance of individuals and the departmentsthey manage. Further, the comparison of budgettotals to actual changes in activities such asloans, investments, and deposits assists in deci-sion making and can promote coordination andcooperation among affiliates. The variance indi-cated by the comparison process may be con-strued as a measure of management’s perfor-mance and planning record and its relationshipto the organization’s goals and objectives. Itshould be noted that some significant variancesmay be caused by factors beyond management’scontrol or factors that could not reasonably beanticipated.

While various individuals may be responsiblefor input to the budget process, the chief execu-tive officer typically has the ultimate responsi-bility for preparation and implementation of theformal budget. The time period covered by abudget typically encompasses one year,although it often covers longer periods in thelarger, more sophisticated bank holding compa-nies. The longer the budget period, the greaterare the prospects for increased variances fromoriginal budget figures. In some cases in whichfour- or five-year projections are made, bankholding companies may formulate several fore-casts based on different sets of assumptions. Insuch instances, the examiner should work withthe ‘‘most likely’’ situation that may evolvebased on economic trends, history, andexperience of the organization, but should alsogive serious consideration to the ‘‘worst-case’’projections.

Many bank holding companies, particularlythe smaller organizations, may not have formalwritten budgets or plans. In small shell compa-nies, while it is not essential to have a formalbudget, budgeting procedures should be encour-aged where appropriate. Budgeting at the parentlevel could be appropriately limited to debt-servicing and dividend considerations.


1. To determine the extent of an organiza-tion’s financial planning and budget program.

2. To indicate to management of organiza-tions that are without formal planning proce-dures the advantages of adopting a budget.

3. To understand the institution’s decision-making process as it relates to the budget.

4. To determine the causes of significantvariances between the budget and actualperformance.

5. To assess the reasonableness of projectedfigures, including controls over the datathroughout the budgeting process.

6. To assess the impact of the budget on thepresent condition and future prospects of thebank holding company.

7. To determine whether the plan outlined inthe budget is supported by the finan-cial and managerial resources of the holdingcompany.

1. Thestragetic planning processfocuses on intermediateand long-term strategic goals and is the vehicle used todetermine the overall direction and focus of the organization.Thebudgeting processrefers to the tactical decisions requiredto meet goals and objectives. The budget is a subset of thestrategic plan. While smaller bank holding company organiza-tions may not always have formal written budgets, all organi-zations should have a strategic planning process, which deter-mines overall corporate direction, general resource allocation,and balance-sheet relationships with respect to capital needs,growth, asset mix, and risk.



1. Familiarity with a bank holding compa-ny’s financial condition and results of opera-tions should begin before the start of the inspec-tion with a review of the annual report toshareholders, financial reports submitted to theFederal Reserve System, and other financialdocumentation contained in the files. The moresignificant accounts, statistical data, and perti-nent ratios should be compared on a period-to-period basis to highlight significant changes anddiscern trends.

2. The examiner also should become familiarwith current and projected economic conditions,both nationally and locally, including generalindustry conditions.

3. Based on a review of the aforementioneddata, the examiner should be in a position tosubstantiate the reasonableness of budgeted fig-ures without a systematic examination of all ofthe transactions affecting the figures presented.Further, such an analysis provides a betterunderstanding of the operation and highlightsmatters of interest and potential problem areasto be investigated during the inspection.

4. Throughout the review process, the exam-iner must maintain a sense of perspective toavoid spending excessive time on relativelyimmaterial amounts.

5. The examiner should meet with the officerresponsible for the preparation of the budget todetermine the scope of the organization’s finan-cial plans. The extent of senior management’sand the board of directors’ involvement in thestrategic planning and budgeting process shouldalso be ascertained in this preliminary meeting.

6. Workpapers which document or illustratethe rationale for the budget data should bereviewed and discussed with budget personnel,including the existence and extent of internalcontrols over the data.

7. The examiner should evaluate plans, pro-jections, and forecasts in light of market-areacharacteristics and the present condition andhistory of the organization.

8. The examiner should determine whetherthe accounting principles of major importancehave been applied consistently and, if not, theimpact of the alternative accounting treatmenton the budget totals.

9. The sources of input for the budget shouldbe reviewed and the frequency and proceduresfor effecting revision should be ascertained.

10. When there are significant budget vari-ances, the examiner should seek documentedexplanations. Review any such documentationto determine if management policy or factorsbeyond management control were responsiblefor the variances.

11. A final summary discussion should beheld with management to discuss goals whichthe examiner believes may be unattainable andto communicate conclusions concerning thebudget. Due consideration should be given tomanagement’s views, whether or not in concur-rence with the examiner’s conclusions. If man-agement indicates future changes which couldhave a significant impact on the organization,the matter should be noted in the inspectionreport. Further, management’s assessment of theeffect of contemplated action on the operationsand financial condition of the bank holding com-pany should be noted.

12. For those bank holding companies thatdo not have formal written plans, the examinershould obtain from senior management informa-tion on their plans for matters such as growthand expansion, capital injections, debt retire-ment, and changes in sources of funding. Exceptfor small, shell companies, the examiner shouldrecommend adoption of a budget program andemphasize the need for strategic planning byindicating how management methods may beimproved as a result of a logically conceivedand properly operated budget. Budgets and plan-ning are especially important in cases in which abank holding company is losing its share of themarket or in which inefficiencies are depressingprofitability.

Management Information Systems (Budget) 2060.2


Management Information Systems(Records and Statements) Section 2060.3

Adequate and accurate records and financialstatements are an integral part of a sound bankholding company operation. Records should bemaintained to allow preparation of financialstatements in accordance with generallyaccepted accounting principles and to ensureproper accountability for all assets, liabilities,income, and expenses. Generally, an indepen-dently certified statement inspires greater confi-dence than a statement prepared internally.Moreover, an unqualified, independently certi-fied statement may act as a check on manage-ment recordkeeping policies and procedures,and provide more assurance that transactions arebeing properly recorded and that books accu-rately reflect overall financial condition.

Management may exercise reasonable discre-tion in selecting and adopting the type of booksand records it uses and in formulating account-ing systems and bookkeeping procedures. Fromthe examiner’s viewpoint, the test of a bankholding company’s records is one of adequacy,consistency, and accuracy. The financial state-ments of every bank holding company mustaccurately reflect financial condition and operat-ing results. This principle is applicable whethera bank holding company is small and has arelatively simple bookkeeping system orwhether it is a larger institution with a fullyautomated system. A recordkeeping system thatis capable of generating a wide variety of perti-nent internal data and other information facili-tates problem solving and decision making and,thus, contributes to the efficiency of a bankholding company’s operations. Further, such asystem serves as a convenient tool to providedirectors, stockholders, and other interested par-ties with information on conditions in a bankholding company.


1. To determine whether financial statementsare prepared in accordance with generallyaccepted accounting principles and are suffi-ciently detailed to accurately portray the compa-ny’s financial condition.

2. To determine that sufficient records aremaintained to provide detail on materialbalance-sheet items, income-statement items,and various contingent liabilities and off-balance-sheet risks that permit the preparationof appropriate financial information.

3. To recommend corrective action whenpolicies and procedures employed have resultedin inadequate or inaccurate records and financialstatements.


1. The examiner should review the sectionsrelating to audit and records in the prior inspec-tion report and the latest examination reports ofthe subsidiary banks to note any comments ordeficiencies cited concerning records, includingany MIS deficiencies. In addition to providingan input into the overall assessment of the qual-ity of records, the review may provide a basisfor determining areas of emphasis and follow-upduring the inspection.

2. The examiner should discuss recommen-dations and criticisms contained in such reportswith an appropriate officer to ascertain whatchanges, if any, have taken place.

3. The examiner should review the externalauditing firm’s management letter, giving par-ticular attention to comments concerning rec-ordkeeping. Determine if any corrective actionswere recommended by the external auditors andthe extent to which the cited items have beencorrected.

4. In those situations when it appears thatrecords are deficient or financial statements areinaccurate, a thorough investigation of applica-ble transactions may be required. The purposeof the investigation is to obtain informationneeded in outlining improved controls overMIS, accounting methods, and records so thatthe financial data presented are in accordancewith generally accepted accounting principles.Thus, information is provided which will betterserve bank holding company management. Theinvestigation should not necessarily involve areview of every transaction, but should involvea check of a sufficient number of transactions toensure the examiner that the records, aschecked, reflect an accurate financial condition.The extent of the review will depend largely onthe procedures and controls over MIS and thecondition and adequacy of the books and under-lying records. During the investigative process,the examiner should be careful to distinguishbetween documented facts and statements ofintent or interpretations set forth by companyrepresentatives.


Management of Information Systems(Structure and Reporting) Section 2060.4

The directorate and management of bank hold-ing companies have a responsibility to contrib-ute to the health and growth of the organizationthey serve. To carry out this responsibility effec-tively, they must be kept fully informed of con-ditions throughout the organization and trendswithin the banking industry. Reporting is theprocess of developing and communicating infor-mation internally to directors and managementand externally to shareholders and regulatoryauthorities. Management and the board of direc-tors must recognize that as a company developsand grows, its environment, strategic goals, andinformation needs change. The guidelines andrequirements for reports flowing to managementand the board of directors should be establishedand allow for change, recognizing the fact thatinformational needs can vary, including those atdifferent levels of the organization.

Informational needs will also be dictated bythe particular type of management structure inplace—centralized, decentralized, legal entity,or business line. The ultimate decision-makingresponsibility rests with the corporation’s boardof directors, and the responsibility for imple-menting their decisions rests with designatedboard committees, executive management, orother designated management committees orindividuals. As such, examiners should make anassessment of the qualifications of the personson the board of directors, executive manage-ment staff, and the board and executive manage-ment committees to ensure that they have thenecessary knowledge, experience, and expertiseto understand the information presented and toact on it constructively. The assessment shouldinclude a review of reporting lines to identifyinformation flows and the various decision-making levels involved or needed.

All reports flowing to executive management,board committees, and the board of directorsshould be analyzed for clarity, consistency,timeliness, quality, and coverage of crucial areasof the organization. A review of board andcommittee minutes should reveal if participantshad any questions or whether there were anyuncertainties as to the meaning of the datapresented.

Each bank holding company prepares variousreports for submission to its management anddirectors; an effective internal reporting systemfacilitates their ability to analyze a situation andto make informed decisions. Although suchreports may vary in content from company tocompany, emphasis is generally placed on thefinancial data generated. The important consid-

eration is whether each company is providingsufficient data to keep the interested partiesinformed of the financial condition and perfor-mance of all the divisions or entities. The fre-quency of the reporting and the detail of infor-mation provided can be categorized as being ona need-to-know basis. The form of reportsranges from consultations and meetings to sub-mission of printed material for study and review.The scope and size of the operations will havean effect on the frequency and detail of theinformation submitted. In the larger, moresophisticated companies, frequent meetings andconsultations are held to discuss the perfor-mance of various entities, the impact of perfor-mance on the organization’s goals and objec-tives, and policies and strategies to be followed.Written reports outlining important matters andsummarizing various financial data are typicallyreviewed and discussed regularly.

The number and variety of reports dependson the size and sophistication of the bank hold-ing company operation. For smaller bank hold-ing companies, the extent of their reports maybe limited to annual statements, as more fre-quent periodic reports may not be necessaryunder normal conditions. The larger holdingcompanies normally prepare monthly compara-tive balance sheets and income statements cov-ering similar periods for two consecutive years.Thus, any significant deviation from the prioryear’s data can be readily detected. Generally,reports detailing the extent of delinquent andnonaccrual loans are prepared monthly. Factsand figures pertaining to the adequacy of theloan-loss provision are presented periodically.Additional reports containing information onbudgets, cash flow, liquidity, and capitaladequacy are prepared to assist management inassessing the organization’s overall financialcondition and performance. Summaries of inter-nal audit reports and reports of examinations ofsubsidiary banks are brought to management’sattention. Data relative to other bank holdingcompanies or banks in the same peer groups areassembled, when available, so that comparisonswith similarly sized organizations are possible.All of the aforementioned information may beprepared for directors, although not necessarilyin as much detail as that submitted to manage-ment. On occasion, key management personnelof the holding company attend directors’ meet-ings to expand on the topics being discussed.


Reports to shareholders usually consist ofquarterly and annual reports which detail thecompany’s financial condition and results ofoperations. Additional information may includethe chief executive officer’s overall assessmentof the company, future plans, and other financialand analytical data. The financial information isused for public disclosure and enables investors,depositors, and creditors to make informed judg-ments concerning the financial condition of thebank holding company. Bank holding compa-nies whose securities have been registered pur-suant to the Securities and Exchange Act of1934 are required to prepare various reportscontaining specific financial information.


1. To review the organizational structure todetermine the various levels of decision-making and reporting lines, including boardand executive management committees.

2. To determine whether the bank holding com-pany has written policies and procedures,and internal controls covering the types ofreports required to be submitted to manage-ment and the directors.

3. To determine that the required reports areadequate to accurately reflect the financialcondition and performance within the organi-zation’s divisions and units and whether thereporting systems and reports are adequate tomonitor the risks therein.

4. To evaluate whether the reports and report-ing systems are adequate to measure andreflect the company’s financial position andperformance in all areas, to measure the com-pany’s progress in meeting its financial andbusiness goals, and to monitor inherent risks.

5. To determine that the contents of the reportsare complete and submitted on a timely basis.

6. To recommend corrective action whenreporting practices, policies, or proceduresare deficient.

7. To evaluate management’s procedures forreacting to elevated risk, weaknesses, or defi-ciencies disclosed by reporting systems, andto evaluate the system’s ability to adapt tochange caused by regulatory and accountingissues or other market conditions.


1. Review the organizational structure to deter-mine reporting lines and the various levels ofdecision making, risk assessment, andcontrols.

2. Ascertain whether any corporate policiesaddress risk managment or internal reportingrequirements and determine:a. the types of reports required to be

submitted andb. the adequacy of such reporting require-

ments in light of a company’s particularcircumstances.

Comment: In a holding company with adecentralized system of control over subsid-iaries, the existence of written policies andprocedures is important since each subsidi-ary operates as a relatively autonomous unit.

3. Obtain a listing of internal reports that aresubmitted to corporate executive manage-ment and the board of directors (includingpackages for the board of directors andexecutive committees).

4. Randomly sample, based on a material riskfocus, the individual as well as the varioustypes of management reports and determinewhether they are adequately prepared inaccordance with established policies and pro-cedures and submitted to the appropriateindividuals on a timely basis. Determinewhether the management reports are suffi-cient to measure the company’s progress inachieving its financial and business goals andforecasts.

5. Identify and document management proce-dures for reacting to elevated risk, weak-nesses, or deficiencies disclosed by MIS.Also evaluate the ability of the informationsystem to handle regulatory and accountingissues and to adapt to change.

6. At the conclusion of the review process, theexaminer should discuss with management,as appropriate, topics such as—a. the lack of established policies and proce-

dures and internal controls,b. inadequate reporting requirements, andc. noncompliance with reporting require-

ments and/or the untimely submission ofreports.

Management of Information Systems (Structure and Reporting) 2060.4




Registration, reports, andexaminations or inspections

225.5

Reporting requirementsemanating from theSecurities Exchange Act of1934

15 USC 78aet seq.



Management of Information Systems (Structure and Reporting) 2060.4


Management Information Systems(Insurance) Section 2060.5

2060.5.1 INTRODUCTION

In establishing an insurance program, a bankholding company should be aware of where it isexposed to loss, the extent to which insurance isavailable to cover potential losses and the costof such insurance. These various factors shouldbe weighed to determine how much risk thebank holding company will assume directly. Inassessing the extent of risk an organization iswilling to assume, it is important to analyze theimpact of an uninsured loss not only on theentity where the loss occurs, but also on theaffiliates and the parent. Once appropriate cover-age has been acquired, procedures should beestablished for the periodic review of the pro-gram to assure the continuing adequacy of thecoverage. Particularly for larger BHCs, theseprocedures should include at least an annualreview of the program by the board of directorsof the parent organization.Insurance is a highly specialized field and no

attempt is made here to discuss all the varioustypes and forms of insurance coverage that areavailable to financial institutions. Examiners arenot expected to be insurance experts; however,examiners should recognize that a financial or-ganization’s primary defenses against loss in-clude adequate internal controls and proceduresand that insurance is intended to complement,not replace, an effective system of internal con-trols. Thus, an overall appraisal of the controlenvironment becomes a significant consider-ation in assessing the adequacy of the insuranceprogram. To the extent controls are lacking, theneed for additional coverage increases.

2060.5.2 BANKER’S BLANKET BOND

The most important and comprehensive insur-ance coverage available is the bankers’ blanketbond which is usually extended to encompassall the entities in a bank holding company struc-ture. Generally, the scope of the blanket bondcontract is intended to cover risks of loss due tocriminal acts, such as embezzlement, burglary,robbery, theft, larceny, forgery, etc., but in addi-tion it provides indemnity for loss of propertythrough damage, destruction, misplacement andmysterious, unexplainable disappearance. Themost important item of protection under thebond, however, is the blanket fidelity coveragefor officers and employees.

2060.5.3 TYPES OF BLANKET BONDS

While there are several similar forms of blanketbonds in use, those commonly found are theFinancial Institutions Bond Standard Form No.24, the Bankers Blanket Bond Standard FormNo. 2, and Lloyd’s Banks’ and Trust Compa-nies’ Policy HAN Form (C). Under these blan-ket forms, every employee is usually coveredfor the total amount of the bond. Typically, newemployees and new offices are automaticallycovered and no notice is required for an increasein the number of employees or in the number ofoffices established, unless such increases resultfrom a merger or consolidation with anotherinstitution. The word ‘‘blanket,’’ however, refersto the over-all amount that applies to the severalspecified risks covered under the bond and isnot intended to mean ‘‘all risks’’ coverage. Amost important feature of the bankers’ blanketbond is the ‘‘discovery rider.’’ The rider, whichconverts the blanket bond from a ‘‘loss sus-tained basis’’ to a ‘‘discovery basis,’’ providesindemnity against any loss sustained by the in-sured entity at any time but discovered after theeffective date of the bond and prior to the termi-nation or cancellation of the bond, even thoughlower amounts of insurance and more restrictivecoverage may have been carried when the losswas actually sustained.

2060.5.4 DETERMINING THECOVERAGE NEEDED

One of the most difficult insurance problemsmanagement faces is the determination of theamount of blanket bond coverage that should bemaintained. An estimate of the maximumamount of money and securities that may be lostthrough burglary or robbery can be calculatedwith reasonable accuracy, but the potential lossresulting from dishonest acts of officers andemployees is not easily measured. The Insur-ance and Protective Committee of the AmericanBankers Association has conducted several stud-ies of the problems of determining adequatecoverage and has concluded that total depositsrepresent the most appropriate item in bankfinancial statements upon which to base an esti-mate of a reasonable or suitable amount ofblanket bond coverage.


In a bank holding company structure, theamount of blanket bond coverage is generallydetermined by the deposits of the largest bankand the amount of suggested coverage in theABA’s schedule. Such an amount is consideredto be a minimum and other factors such as arapidly expanding operation, excessive cash onhand, or inferior audit and control practices maysuggest the need for larger coverage. Since cov-erages are generally extended to include thenonbank subsidiaries and such subsidiaries usu-ally operate on a smaller scale than their affili-ated banks, the question concerning the ade-quacy of the amount of the blanket bondcoverage for a nonbank subsidiary is more eas-ily addressed and is typically a function of theparent’s and the bank’s coverage.

2060.5.5 NOTIFICATION OF LOSS

When submitting a claim, most blanket bondshave provisions which require a report to besubmitted within a specified period after a re-portable item comes to the attention of manage-ment. Occasionally, items are not reported to thebonding company because of uncertainty as towhether the incident constitutes a reportableitem. Failure to report in a timely manner couldinvalidate the claim and jeopardize existing cov-erages. Thus, it should be emphasized to man-agement that any questionable items should bereported.

2060.5.6 DIRECTORS’ ANDOFFICERS’ LIABILITY INSURANCE

Directors’ and Officers’ Liability Insurance(‘‘DOL Insurance’’) insures the Directors andOfficers againstpersonalliability resulting fromclaims of alleged negligence, wrongful acts, er-rors and omissions, etc. This insurance is notincluded in the blanket bond or other standardfidelity coverage.


1. To determine the scope and extent of in-surance coverages for the various entities in theorganization.

2. To determine the adequacy of insurancecoverage after giving due consideration to theoverall control environment and factors such asthe organization’s claim experience and costsassociated with various coverages.3. To ascertain that a comprehensive review

of the insurance program is conducted periodi-cally by management and at least annually bythe board of directors and entered into the min-utes.4. To determine the entity(ies) responsible

for paying the premiums and the manner inwhich such payments are allocated among theaffiliates that receive the coverage benefits.5. To determine if procedures are in place to

assure that claims are filed promptly.


1. The prior year’s inspection report shouldbe reviewed for comments relative to controlsand insurance. The examiner should note thetypes and extent of coverages, comments con-cerning the control environment and any defi-ciencies related to the administration of the in-surance program and the coverages in force.2. A similar review encompassing the latest

examination reports of all major affiliated banksshould be conducted. The review process isintended to provide a basis for determining areasof emphasis and follow-up during the inspec-tion. The examiner need not re-examine theinsurance program or the controls in force in theindividual banks.3. The examiner should meet with the officer

responsible for maintaining the insurance poli-cies and related documentation and ascertain thelocation of such policies and documentation.Review any independent review of coveragesand any deficiencies that may have been citedby the internal or external auditors.4. Review the manner and frequency of pre-

sentations to the board of directors of the insur-ance coverage.

Management Information Systems (Insurance) 2060.5


intercompany transactions section 2020 - federal reserveintercompany transactions (transactions...

Documents