

[Federal Register: May 16, 2006 (Volume 71, Number 94)]
[Notices]               
[Page 28326-28334]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr16my06-76]                         


[[Page 28326]]

=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

[Docket No. 06-06]

Office of Thrift Supervision

[No. 2006-20]

FEDERAL RESERVE SYSTEM

[Docket No. OP-1254]

FEDERAL DEPOSIT INSURANCE CORPORATION

SECURITIES AND EXCHANGE COMMISSION

[Release No. 34-53773; File No. S7-08-06]

 
Interagency Statement on Sound Practices Concerning Elevated Risk 
Complex Structured Finance Activities

AGENCIES: Office of the Comptroller of the Currency, Treasury (OCC); 
Office of Thrift Supervision, Treasury (OTS); Board of Governors of the 
Federal Reserve System (Board); Federal Deposit Insurance Corporation 
(FDIC); and Securities and Exchange Commission (SEC) (collectively, the 
Agencies).

ACTION: Notice of revised interagency statement with request for public 
comment.

-----------------------------------------------------------------------

SUMMARY: On May 19, 2004, the Agencies issued and requested comment on 
a proposed Interagency Statement on Sound Practices Concerning Complex 
Structured Finance Activities (``Initial Statement'') of national 
banks, state banks, bank holding companies, Federal and state savings 
associations, savings and loan holding companies, U.S. branches and 
agencies of foreign banks, and SEC registered broker-dealers and 
investment advisers (collectively, ``financial institutions'' or 
``institutions''). The Initial Statement described some of the internal 
controls and risk management procedures that may help financial 
institutions identify, manage, and address the heightened reputational 
and legal risks that may arise from certain complex structured finance 
transactions (``CSFTs''). After reviewing the comments received on the 
Initial Statement, the Agencies are requesting comment on a revised 
proposed interagency statement (``Revised Statement''). The Revised 
Statement has been modified in numerous respects to address issues and 
concerns raised by commenters, clarify the purpose, scope and effect of 
the statement, and make the statement more principles-based. These 
changes include reorganizing and streamlining the document to reduce 
redundancies and to focus the statement on those CSFTs that may pose 
heightened levels of legal or reputational risk to the relevant 
institution (referred to as ``elevated risk CSFTs''). In addition, the 
Agencies have modified the examples of transactions that may present 
elevated risk to make these examples more risk-focused, and have 
recognized more explicitly that an institution's review and approval 
process for elevated risk CSFTs should be commensurate with, and focus 
on, the potential risks presented by the transaction to the 
institution. As discussed below, the Revised Statement will not affect 
or apply to the vast majority of small financial institutions, nor does 
it create any private rights of action.

DATES: Comments on the Revised Statement should be received on or 
before June 15, 2006.

ADDRESSES:
    OCC: You should include OCC and Docket Number 06-06 in your 
comment. You may submit comments by any of the following methods:
     Federal eRulemaking Portal: http://www.regulations.gov. 

Follow the instructions for submitting comments.
     OCC Web site: http://www.occ.treas.gov. Click on ``Contact 

the OCC,'' scroll down and click on ``Comments on Proposed 
Regulations.''
     E-mail address: regs.comments@occ.treas.gov.
     Fax: (202) 874-4448.
     Mail: Office of the Comptroller of the Currency, 250 E 
Street, SW., Mail Stop 1-5, Washington, DC 20219.
     Hand Delivery/Courier: 250 E Street, SW., Attn: Public 
Information Room, Mail Stop 1-5, Washington, DC 20219.
    Instructions: All submissions received must include the agency name 
(OCC) and docket number or Regulatory Information Number (RIN) for this 
notice of proposed rulemaking. In general, OCC will enter all comments 
received into the docket without change, including any business or 
personal information that you provide.
    You may review comments and other related materials by any of the 
following methods:
     Viewing Comments Personally: You may personally inspect 
and photocopy comments at the OCC's Public Information Room, 250 E 
Street, SW., Washington, DC. You can make an appointment to inspect 
comments by calling (202) 874-5043.
     Viewing Comments Electronically: You may request e-mail or 
CD-ROM copies of comments that the OCC has received by contacting the 
OCC's Public Information Room at: regs.comments@occ.treas.gov.
     Docket: You may also request available background 
documents and project summaries using the methods described above.
    OTS: You may submit comments, identified by No. 2006-20 by any of 
the following methods:
     Federal eRulemaking Portal: http://www.regulations.gov. 

Follow the instructions for submitting comments.
     E-mail: regs.comments@ots.treas.gov. Please include No. 
2006-20 in the subject line of the message, and include your name and 
telephone number in the message.
     Fax: (202) 906-6518.
     Mail: Regulation Comments, Chief Counsel's Office, Office 
of Thrift Supervision, 1700 G Street, NW., Washington, DC 20552, 
Attention: No. 2006-20.
     Hand Delivery/Courier: Guard's Desk, East Lobby Entrance, 
1700 G Street, NW., from 9 a.m. to 4 p.m. on business days, Attention: 
Regulation Comments, Chief Counsel's Office, Attention: No. 2006-20.
    Instructions: All submissions received must include the agency name 
and document number. All comments received will be posted without 
change to http://www.ots.treas.gov/pagehtml.cfm?catNumber=67&an=1, 

including any personal information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.ots.treas.gov/pagehtml.cfm?catNumber=67&an=1.
 In addition, you may inspect comments 

at the Public Reading Room, 1700 G Street, NW., by appointment. To make 
an appointment for access, call (202) 906-5922, send an e-mail to 
public.info@ots.treas.gov, or send a facsimile transmission to (202) 

906-7755. (Prior notice identifying the materials you will be 
requesting will assist us in serving you.) We schedule appointments on 
business days between 10 a.m. and 4 p.m. In most cases, appointments 
will be available the next business day following the date we receive a 
request.
    Board: You may submit comments, identified by Docket No. OP-1254, 
by any of the following methods:
     Board's Web site: http://www.federalreserve.gov Follow the instructions for submitting comments at http://.

http://www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm.

     Federal eRulemaking Portal: http//http://www.regulations.gov. 

Follow the instructions for submitting comments.

[[Page 28327]]

     E-mail: regs.comments@federalreserve.gov. Include docket 
number in the subject line of the message.
     Fax: (202) 452-3819 or (202) 452-3102.
     Mail: Jennifer J. Johnson, Secretary, Board of Governors 
of the Federal Reserve System, 20th Street and Constitution Avenue, 
NW., Washington, DC 20551.
    All public comments are available from the Board's Web site at 
http://www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm as 

submitted, unless modified for technical reasons. Accordingly, your 
comments will not be edited to remove any identifying or contact 
information. Public comments also may be viewed electronically or in 
paper form in Room MP-500 of the Board's Martin Building (C and 20th 
Streets, NW.) between 9 a.m. and 5 p.m. on weekdays.
    FDIC: Written comments should be addressed to Robert E. Feldman, 
Executive Secretary, Attention: Comments/OES, Federal Deposit Insurance 
Corporation, 550 17th Street, NW., Washington, DC 20429. Comments may 
be hand delivered to the guard station at the rear of the 550 17th 
Street Building (located on F Street), on business days between 7 a.m. 
and 5 p.m. (Fax number: (202) 898-3838; Internet address: 
comments@fdic.gov.) Comments may be inspected and photocopied in the 

FDIC Public Information Center, Room 100, 801 17th Street, NW., 
Washington, DC, between 9 a.m. and 4:30 p.m. on business days.
    SEC: Comments may be submitted by any of the following methods:

Electronic Comments

     Use the Commission's Internet comment form (http://www.sec.gov/rules/policy.shtml.
;) or     Send an e-mail to rule-comments@sec.gov. Please include 

File Number S7-08-06 on the subject line.

Paper Comments

     Send paper comments in triplicate to Nancy M. Morris, 
Secretary, Securities and Exchange Commission, 100 F Street, NE., 
Washington, DC 20549-1090.

All submissions should refer to File Number S7-08-06. This file number 
should be included on the subject line if e-mail is used. To help us 
process and review your comments more efficiently, please use only one 
method. The Commission will post all comments on the Commission's 
Internet Web site (http://www.sec.gov/rules/policy.shtml). Comments are 

also available for public inspection and copying in the Commission's 
Public Reference Room, 100 F Street, NE., Washington, DC 20549. All 
comments received will be posted without change; we do not edit 
personal identifying information from submissions. You should submit 
only information that you wish to make available publicly.

FOR FURTHER INFORMATION CONTACT: 
    OCC: Kathryn E. Dick, Deputy Comptroller, Credit and Market Risk, 
(202) 874-4660; Grace E. Dailey, Deputy Comptroller, Large Bank 
Supervision, (202) 874-4610; or Ellen Broadman, Director, Securities 
and Corporate Practices Division, (202) 874-5210, Office of the 
Comptroller of the Currency, 250 E Street, SW., Washington, DC 20219.
    OTS: Fred J. Phillips-Patrick, Director, Credit Policy, 
Examinations and Supervision Policy, (202) 906-7295; Deborah S. Merkle, 
Project Manager, Credit Policy, Examinations and Supervision Policy, 
(202) 906-5688; or David A. Permut, Senior Attorney, Business 
Transactions Division, (202) 906-7505, Office of Thrift Supervision, 
1700 G Street, NW., Washington, DC 20552.
    Board: Sabeth I. Siddique, Assistant Director, (202) 452-3861, 
Virginia Gibbs, Senior Supervisory Financial Analyst, (202) 452-2521, 
Division of Banking Supervision and Regulation; or Kieran J. Fallon, 
Assistant General Counsel, (202) 452-5270, Anne B. Zorc, Attorney, 
(202) 452-3876, Legal Division, Board of Governors of the Federal 
Reserve System, 20th Street and Constitution Avenue, NW., Washington, 
DC 20551. Users of Telecommunication Device for Deaf (TTD) only, call 
(202) 263-4869.
    FDIC: Jason C. Cave, Associate Director, (202) 898-3548; Division 
of Supervision and Consumer Protection; or Mark G. Flanigan, Counsel, 
Supervision and Legislation Branch, Legal Division, (202) 898-7426, 
Federal Deposit Insurance Corporation, 550 17th Street, NW., 
Washington, DC 20429.
    SEC: Mary Ann Gadziala, Associate Director, Office of Compliance 
Inspections and Examinations, (202) 551-6207; Catherine McGuire, Chief 
Counsel, Linda Stamp Sundberg, Senior Special Counsel (Banking and 
Derivatives), or Randall W. Roy, Branch Chief, Division of Market 
Regulation, (202) 551-5550, Securities and Exchange Commission, 100 F 
Street, NE., Washington, DC 20549.

SUPPLEMENTARY INFORMATION: 

I. Background

    Financial markets have grown rapidly over the past decade, and 
innovations in financial instruments have facilitated the structuring 
of cash flows and allocation of risk among creditors, borrowers and 
investors in more efficient ways. Financial derivatives for market and 
credit risk, asset-backed securities with customized cash flow 
features, specialized financial conduits that manage pools of assets, 
and other types of structured finance transactions serve important 
purposes, such as diversifying risks, allocating cash flows, and 
reducing cost of capital. As a result, structured finance transactions, 
including the more complex variations of these transactions, now are an 
essential part of U.S. and international capital markets.
    When a financial institution participates in a CSFT, it bears the 
usual market, credit, and operational risks associated with the 
transaction. In some circumstances, a financial institution also may 
face heightened legal or reputational risks due to its involvement in a 
CSFT. For example, a financial institution involved in a CSFT may face 
heightened risk if the customer's regulatory, tax or accounting 
treatment for the CSFT, or disclosures concerning the CSFT in its 
public filings or financial statements, do not comply with applicable 
laws, regulations or accounting principles.
    In some cases, certain CSFTs appear to have been used in illegal 
schemes that misrepresented the financial condition of public companies 
to investors and regulatory authorities. Those cases highlight the 
substantial legal and reputational risks that financial institutions 
may face when they participate in a CSFT that is used by the 
institution's customer to circumvent regulatory or financial reporting 
requirements or further other illegal behavior.\1\ After conducting 
investigations, the OCC, Federal Reserve System and the SEC took strong 
and coordinated civil and administrative enforcement actions against 
certain financial institutions that engaged in CSFTs that appeared to 
have been designed or used to shield their customers' true financial 
health from the public. These actions involved significant financial 
penalties on the institutions and required the institutions to take 
several measures to strengthen their risk management

[[Page 28328]]

procedures for CSFTs.\2\ The complex structured finance relationships 
involving these financial institutions also sparked an investigation by 
the Permanent Subcommittee on Governmental Affairs of the United States 
Senate,\3\ as well as numerous lawsuits by private litigants.
---------------------------------------------------------------------------

    \1\ For a memorandum on the potential liability of a financial 
institution for securities laws violations arising from 
participation in a CSFT, see Letter from Annette L. Nazareth, 
Director, Division of Market Regulation, Securities and Exchange 
Commission, to Richard Spillenkothen and Douglas W. Roeder, dated 
December 4, 2003 (available at http://www.federalreserve.gov/boarddocs/srletters/2004/ and http://www.occ.treas.gov).

    \2\ See, e.g. In the Matter of Citigroup, Inc., Securities 
Exchange Act Release No. 48230 (July 28, 2003), Written Agreement by 
and between Citibank, N.A. and the Office of the Comptroller of the 
Currency, No. 2003-77 (July 28, 2003) (pertaining to transactions 
entered into by Citibank, N.A. with Enron Corp.), and Written 
Agreement by and between Citigroup, Inc. and the Federal Reserve 
Bank of New York, dated July 28, 2003 (pertaining to transactions 
involving Citigroup Inc. and its subsidiaries and Enron Corp. and 
Dynegy Inc.); SEC v. J.P. Morgan Chase, SEC Litigation Release No. 
18252 (July 28, 2003) and Written Agreement by and among J.P. Morgan 
Chase & Co., the Federal Reserve Bank of New York, and the New York 
State Banking Department, dated July 28, 2003 (pertaining to 
transactions involving J.P. Morgan Chase & Co. and its subsidiaries 
and Enron Corp.).
    \3\ See Fishtail, Bacchus, Sundance, and Slapshot: Four Enron 
Transactions Funded and Facilitated by U.S. Financial Institutions, 
Report Prepared by the Permanent Subcomm. on Investigations, Comm. 
on Governmental Affairs, United States Senate, S. Rpt. 107-82 
(2003).
---------------------------------------------------------------------------

    Following these investigations, the OCC, Board and SEC also 
conducted special reviews of several large banking and securities firms 
that are significant participants in the market for CSFTs. These 
reviews were designed to evaluate the new product approval, transaction 
approval, and other internal controls and processes used by these 
institutions to identify and manage the legal, reputational and other 
risks associated with CSFTs. These assessments indicated that many of 
the large financial institutions engaged in CSFTs already had taken 
meaningful steps to improve their control infrastructure relating to 
CSFTs. The Agencies also focused attention on the complex structured 
finance activities of financial institutions in the normal course of 
the supervisory process.

II. Initial Statement

    To further assist financial institutions in identifying, managing, 
and addressing the risks that may be associated with CSFTs, the 
Agencies developed and requested public comment on the Initial 
Statement.\4\ As a general matter, the Initial Statement provided that 
financial institutions engaged in CSFTs should have and maintain a 
comprehensive set of formal, firm-wide policies and procedures that are 
designed to allow the institution to identify, document, evaluate, and 
control the full range of credit, market, operational, legal, and 
reputational risks that may arise from CSFTs. The Initial Statement 
also described the types of policies and procedures that financial 
institutions should have for CSFTs in the following specific areas: (1) 
Transaction approval; (2) approval of new complex structured finance 
products; (3) identification and management of the potential 
reputational and legal risk associated with CSFTs; (4) review of the 
customer's proposed accounting and disclosures for CSFTs; (5) 
documentation of CSFTs; (6) management reporting for CSFTs; (7) 
independent monitoring and analysis of the institution's compliance 
with its internal policies regarding CSFTs; (8) role of internal audit; 
and (9) training of personnel involved in CSFTs.
---------------------------------------------------------------------------

    \4\ See 69 FR 28980, May 19, 2004.
---------------------------------------------------------------------------

    Among other things, the Initial Statement provided that financial 
institutions should establish a clear process for identifying those 
CSFTs that may create heightened legal or reputational risk for the 
institution, and included a list of transaction characteristics that 
may indicate that a CSFT (or series of CSFTs) creates elevated levels 
of legal or reputational risk for the institution. The Initial 
Statement also provided that an institution should ensure that 
transactions identified as being elevated risk CSFTs are thoroughly 
reviewed by the institution's control functions and management during 
the institution's transaction or new product approval processes. As 
part of this review, the Initial Statement indicated that the 
institution should obtain and document complete and accurate 
information about the customer's business objectives for entering into 
the transaction, as well as about the customer's proposed accounting 
treatment and financial disclosures relating to the transaction.

III. Overview of Comments

    The Agencies collectively received comments on the Initial 
Statement from more than 40 persons, although many commenters submitted 
multiple comments or submitted identical comments to multiple Agencies. 
Commenters included banking organizations, trade associations, 
investment banks, consulting firms, public accounting firms, law firms, 
an association of state officials, and individuals. In addition to 
submitting written comments, some commenters also met with Agency 
representatives to discuss their views of the Initial Statement.
    Commenters generally supported the Agencies' efforts to describe 
the types of risk management procedures and internal controls that may 
help financial institutions identify and mitigate the legal and 
reputational risks associated with CSFTs. In this regard, many 
commenters recognized that financial institutions need a robust risk 
management and control framework to help institutions avoid becoming 
involved in CSFTs that are used for illegal or abusive purposes and to 
manage the risks associated with CSFTs.
    Virtually all of the commenters, however, recommended changes to 
the Initial Statement. For example, many commenters argued that the 
characteristics of CSFTs in general and of elevated risk CSFTs in 
particular identified in the Initial Statement were too broad and would 
encompass many structured finance products that are not novel or 
complex and that do not present heightened legal or reputational risks 
for participating financial institutions. These commenters argued, for 
example, that the Initial Statement could be read as requiring 
financial institutions to identify any structured finance transaction 
that involves a special purpose entity (``SPE'') or cross-border 
elements as an elevated risk CSFT.
    Many commenters also asserted that the internal controls and risk 
management processes described in the Initial Statement for CSFTs and 
elevated risk CSFTs were overly prescriptive and burdensome. For 
example, many commenters expressed concern that the Initial Statement 
could be read as requiring a financial institution to conduct a 
detailed and extensive pre-transaction review of all CSFTs regardless 
of the role that the institution played in the transaction, and 
regardless of whether the transaction's characteristics suggested that 
it may create significant legal, reputational or other risks for the 
institution. Similarly, many commenters argued that the Initial 
Statement imposed new and inappropriate obligations on financial 
institutions to confirm the validity of a customer's financial 
disclosures or accounting or tax treatment for a CSFT, and would 
establish new and extensive documentation requirements for CSFTs.
    Commenters asserted that, in light of these and other concerns, the 
Initial Statement had the potential to increase the legal risks faced 
by financial institutions participating in CSFTs. In addition, 
commenters argued that the Initial Statement, if implemented, would 
disrupt the market for legitimate structured finance products and place 
U.S. financial institutions at a competitive disadvantage in the market 
for CSFTs both in the United States and abroad.
    As a general matter, commenters recommended that the Agencies 
modify the Initial Statement to make it more

[[Page 28329]]

principles-based and focused on transactions that may create elevated 
risks for a participating financial institution. For example, many 
commenters recommended that the Agencies modify the list of 
characteristics of elevated risk CSFTs to focus on factors that are 
likely indicators that a transaction may, in fact, create heightened 
legal or reputational risks for a participating institution. In 
addition, commenters recommended that the Agencies provide financial 
institutions greater flexibility to design internal controls and risk 
management procedures for CSFTs that are tailored to the size, 
activities and general internal control framework of the institution. 
Finally, many commenters recommended that the Agencies republish a 
revised statement for a new round of public comment.

IV. Overview of Revised Statement

    The Agencies have substantially revised the Initial Statement in 
light of the comments. In particular, the Revised Statement has been 
shortened and reorganized to be more principles-based and to focus on 
elevated risk CSFTs. Because these revisions are substantial, and the 
Revised Statement is an important explanation of the key principles and 
best practices governing CSFT activities, the Agencies invite public 
comment on the Revised Statement.
    The Agencies continue to believe that it is important for a 
financial institution engaged in CSFTs to have policies and procedures 
that are designed to allow the institution to effectively manage and 
address the risks associated with its CSFT activities. These policies 
and procedures should, among other things, be designed to allow the 
institution to identify during its transaction and new product approval 
processes those CSFTs that may present elevated legal or reputational 
risks to the institution. In addition, an institution's policies and 
procedures should provide that CSFTs identified as potentially having 
elevated legal or reputational risks are reviewed by appropriate levels 
of control and management personnel at the institution, including 
personnel from control areas that are independent of the business 
line(s) involved in the transaction. The level and amount of due 
diligence conducted by an institution for an elevated risk CSFT should 
be commensurate with the transaction's potential risk to the 
institution. In conducting this due diligence, the institution may find 
it useful or necessary to obtain additional information from the 
customer or to obtain specialized advice from qualified in-house or 
outside accounting, tax, legal or other professionals.
    If, after evaluating an elevated risk CSFT, a financial institution 
determines that its participation in the CSFT would create significant 
legal or reputational risks for the institution, the financial 
institution should take appropriate steps to manage and address these 
risks. Such steps may include modifying the transaction or conditioning 
the institution's participation in the transaction upon the receipt of 
representations or assurances from the customer that reasonably address 
the heightened risks presented by the transaction. A financial 
institution should decline to participate in an elevated risk CSFT if, 
after conducting appropriate due diligence and taking appropriate steps 
to address the risks from the transaction, the institution determines 
that the transaction presents unacceptable risks to the institution or 
would result in a violation of applicable laws, regulations or 
accounting principles.
    With these broad principles in mind, the Agencies have made a 
number of changes to the Initial Statement to address the issues and 
concerns raised by commenters, to clarify the purpose, scope and effect 
of the Revised Statement, and to make the document more risk-focused. 
The Agencies believe that, with these changes, the Revised Statement 
promotes sound risk management principles while providing an individual 
financial institution greater flexibility to develop implementing 
policies, procedures and systems that are appropriately tailored to the 
nature, scope, complexity and risks of its CSFT activities and to the 
institution's general internal control framework. In particular, the 
Agencies have, among other things:
     Focused the statement more clearly on those CSFTs that may 
present heightened legal or reputational risks to a participating 
institution;
     Clarified that the statement does not apply to structured 
finance transactions, such as standard public mortgage-backed 
securities transactions, that are familiar to participants in the 
financial markets and have well-established track records and, for this 
reason, will not affect or apply to the vast majority of small 
financial institutions;
     Modified the examples of CSFTs that may warrant additional 
scrutiny by an institution to focus on transactions that are more 
likely to present elevated levels of legal or reputational risk to an 
institution (e.g., transactions that raise concerns that the client 
will report or disclose the transaction in its public filings or 
financial statements in a manner that is materially misleading);
     Clarified that the due diligence conducted by a financial 
institution for an elevated risk CSFT should focus on those issues 
identified by the institution as potentially creating heightened levels 
of legal or reputational risk for the institution;
     Recognized that the role a financial institution plays in 
a CSFT may affect both the amount of information it has concerning the 
transaction and the level of legal or reputational risks presented by 
the transaction to the institution;
     Streamlined and modified the documentation and general 
control portions of the statement to focus on the proper goals of an 
institution s policies and procedures in these areas; and
     Provided that a financial institution operating in foreign 
jurisdictions may tailor its policies and procedures as appropriate to 
account for, and comply with, the applicable laws, regulations and 
standards of those foreign jurisdictions.
    Because many of the core elements of an effective control 
infrastructure are the same regardless of the business line involved, 
the Revised Statement continues to draw heavily on controls and 
procedures that the Agencies previously have found to be effective in 
assisting a financial institution to manage and control risks and 
identifies ways in which these controls and procedures can be applied 
effectively to elevated risk CSFTs. Moreover, as noted above, many of 
the large financial institutions that are actively involved in CSFT-
related activities have taken steps in recent years to bolster and 
improve their risk management and internal control processes for CSFTs. 
Based on the Agencies' supervisory experience, the Agencies believe 
that the Revised Statement generally is consistent with the controls 
and processes used by large financial institutions to manage the risks 
arising from their CSFT activities.
    The Agencies propose to adopt the Revised Statement as supervisory 
guidance (in the case of the Federal banking agencies) or a policy 
statement (in the case of the SEC) and to use the Revised Statement in 
reviewing the internal controls and risk management systems of those 
financial institutions that are engaged in CSFTs as part of the 
Agencies' supervisory processes. Accordingly, the Revised Statement 
does not create any private rights of action, nor does it alter or 
expand the legal duties and obligations that a financial institution 
may have to a customer, its shareholders or other third parties under 
applicable law. The

[[Page 28330]]

Agencies have added a statement to this effect in the Revised 
Statement.
    The Agencies request comment on all aspects of the Revised 
Statement.

V. Paperwork Reduction Act

    The Agencies have determined that certain provisions of the Revised 
Statement contain collection of information requirements as defined in 
the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.) (PRA). An 
Agency may not conduct or sponsor, and a respondent is not required to 
respond to, an information collection unless it displays a currently 
valid Office of Management and Budget (OMB) control number.
    OMB has reviewed and approved the proposed information collections 
for the FDIC, OTS, and OCC; the SEC is submitting their proposed 
information collection to OMB for review and approval; and the Board 
has reviewed the Revised Statement under the authority delegated to the 
Board by OMB (5 CFR 1320, appendix A.1).
OMB control numbers:

     OCC: 1557-0229.
     OTS: 1550-0111.
     FRB: 7100-0311.
     FDIC: 3064-0148.
     SEC: 3235-0xxx (to be assigned).

    Comment was requested on the proposed information collections 
contained in the Initial Statement published for comment on May 19, 
2004. As discussed above, many commenters asserted that the Initial 
Statement in general, and its documentation provisions in particular, 
were unduly burdensome and prescriptive. For this reason, some 
commenters asserted that the estimates of the burden (100 hours per 
respondent) were too low.
    In light of this and the modifications made to the Initial 
Statement, the Agencies have reconsidered the burden estimates 
previously published and are once again requesting comment before 
finalizing this statement. In response to the comments, the Agencies 
have made significant modifications to make the Revised Statement more 
principles-based and risk-focused than the Initial Statement, and to 
provide an individual institution greater flexibility in developing 
policies, procedures, and systems that are appropriate and tailored to 
the nature of the institution's CSFT activities and general internal 
control framework. The Agencies believe that the information collection 
requirements contained in the Revised Statement, as discussed earlier 
in the notice, are generally consistent with the types of policies and 
procedures that the large financial institutions actively involved in 
CSFTs have already developed and implemented as a matter of usual and 
customary business practices. Therefore, the information collections 
contained in the Revised Statement are significantly less burdensome 
than those estimated in the Initial Statement and, thus, the Agencies 
have revised the hourly estimate down from 100 hours per response to an 
average of 25 hours per response.

New Estimates

OCC
    Number of Respondents: 21.
    Estimated Time per Response: 25 hours.
    Total Estimated Annual Burden: 525 hours.
OTS
    Number of Respondents: 5.
    Estimated Time per Response: 25 hours.
    Total Estimated Annual Burden: 125 hours.
Board
    Number of Respondents: 20.
    Estimated Time per Response: 25 hours.
    Total Estimated Annual Burden: 500 hours.
FDIC
    Number of Respondents: 5.
    Estimated Time per Response: 25 hours.
    Total Estimated Annual Burden: 125 hours.
SEC
    Number of Respondents: 5.
    Estimated Time per Response: 25 hours.
    Total Estimated Annual Burden: 125 hours.
Comments continue to be invited on:
    (a) Whether the collections of information contained in the Revised 
Statement are necessary for the proper performance of the Agencies' 
functions, including whether the information has practical utility;
    (b) The accuracy of the estimates of the burden of the information 
collection, including the validity of the methodology and assumptions 
used;
    (c) Ways to enhance the quality, utility, and clarity of the 
information to be collected;
    (d) Ways to minimize the burden of the information collection on 
respondents, including through the use of automated collection 
techniques or other forms of information technology; and
    (e) Estimates of capital or start up costs and costs of operation, 
maintenance, and purchase of services to provide information.
    Comments on the information collections contained in the Revised 
Statement should be addressed to:
    OCC: You should direct your comments to:
    Communications Division, Office of the Comptroller of the Currency, 
Public Information Room, Mailstop 1-5, Attention: 1557-0229, 250 E 
Street, SW., Washington, DC 20219. In addition, comments may be sent by 
fax to (202) 874-4448, or by electronic mail to 
regs.comments@occ.treas.gov. You can inspect and photocopy the comments 

at the OCC's Public Information Room, 250 E Street, SW., Washington, DC 
20219. You can make an appointment to inspect the comments by calling 
(202) 874-5043. Additionally, you should send a copy of your comments 
to OCC Desk Officer, 1557-0229, by mail to U.S. Office of Management 
and Budget, 725, 17th Street, NW., 10235, Washington, DC 
20503, or by fax to (202) 395-6974.
    You can request additional information or a copy of the collection 
from Mary Gottlieb, OCC Clearance Officer, or Camille Dickerson, (202) 
874-5090, Legislative and Regulatory Activities Division, Office of the 
Comptroller of the Currency, 250 E Street, SW., Washington, DC 20219.
    OTS: Information Collection Comments, Chief Counsel's Office, 
Office of Thrift Supervision, 1700 G Street, NW., Washington, DC 20552; 
send a facsimile transmission to (202) 906-6518; or send an e-mail to 
infocollection.comments@ots.treas.gov. OTS will post comments and the 

related index on the OTS Internet site at http://www.ots.treas.gov. In 

addition, interested persons may inspect the comments at the Public 
Reading Room, 1700 G Street, NW., by appointment. To make an 
appointment, call (202) 906-5922, send an e-mail to 
public.info@ots.treas.gov, or send a facsimile transmission to (202) 

906-7755.
    To obtain a copy of the submission to OMB, contact Marilyn K. 
Burton at marilyn.burton@ots.treas.gov, (202) 906-6467, or fax number 
(202) 906-6518, Chief Counsel's Office, Office of Thrift Supervision, 
1700 G Street, NW., Washington, DC 20552.
    Board: You may submit comments, identified by Docket No. OP-1254, 
by any of the following methods:
     Agency Web site: http://www.federalreserve.gov. Follow the 

instructions for submitting comments at

[[Page 28331]]

http://www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm     Federal eRulemaking Portal: http://www.regulations.gov. 
http://www.regulations.gov. . 

Follow the instructions for submitting comments.
     E-mail: regs.comments@federalreserve.gov. Include docket 
number in the subject line of the message.
     Fax: (202) 452-3819 or (202) 452-3102.
     Mail: Michelle Long, Federal Reserve Board Clearance 
Officer (202) 452-3829, Division of Research and Statistics, Board of 
Governors of the Federal Reserve System, Washington, DC 20551. 
Telecommunications Device for the Deaf (TDD) users may contact (202) 
263-4869, Board of Governors of the Federal Reserve System, Washington, 
DC 20551.
    All public comments are available from the Board's Web site at 
http://www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm as 

submitted, unless modified for technical reasons. Accordingly, your 
comments will not be edited to remove any identifying or contact 
information. Public comments may also be viewed electronically or in 
paper in Room MP-500 of the Board's Martin Building (20th and C 
Streets, NW.) between 9 a.m. and 5 p.m. on weekdays.
    FDIC: Interested parties are invited to submit written comments to 
the FDIC concerning the Paperwork Reduction Act implications of this 
proposal. Such comments should refer to ``Complex Structured Financial 
Transactions, 3064-0148.'' Comments may be submitted by any of the 
following methods:
     http://www.FDIC.gov/regulations/laws/federal/propose.html..     E-mail: comments@FDIC.gov. Include Complex Structured 

Financial Transactions, 3064-0148 in the subject line of the message.
     Mail: Steven F. Hanft (202) 898-3907, Federal Deposit 
Insurance Corporation, 550 17th Street, NW., Washington, DC 20429.
     Hand Delivery: Comments may be hand-delivered to the guard 
station at the rear of the 17th Street Building (located on F Street), 
on business days between 7 a.m. and 5 p.m.
    SEC: You should direct your comments to: Office of Management and 
Budget, Attention Desk Officer of the Securities and Exchange 
Commission, Office of Information and Regulatory Affairs, Room 10102, 
New Executive Office Building, Washington, DC 20503, with a copy sent 
to Nancy M. Morris, Secretary, Securities and Exchange Commission, 100 
F Street, NE., Washington, DC 20549-1090 with reference to File No. S7-
08-06.
    The proposed Revised Statement follows:

Interagency Statement on Sound Practices Concerning Elevated Risk 
Complex Structured Finance Activities

I. Introduction

    Financial markets have grown rapidly over the past decade, and 
innovations in financial instruments have facilitated the structuring 
of cash flows and allocation of risk among creditors, borrowers and 
investors in more efficient ways. Financial derivatives for market and 
credit risk, asset-backed securities with customized cash flow 
features, specialized financial conduits that manage pools of assets 
and other types of structured finance transactions serve important 
business purposes, such as diversifying risks, allocating cash flows, 
and reducing cost of capital. As a result, structured finance 
transactions now are an essential part of U.S. and international 
capital markets. Financial institutions have played and continue to 
play an active and important role in the development of structured 
finance products and markets, including the market for the more complex 
variations of structured finance products.
    When a financial institution participates in a complex structured 
finance transaction (``CSFT''), it bears the usual market, credit, and 
operational risks associated with the transaction. In some 
circumstances, a financial institution also may face heightened legal 
or reputational risks due to its involvement in a CSFT. For example, in 
some circumstances, a financial institution may face heightened legal 
or reputational risk if a customer's regulatory, tax or accounting 
treatment for a CSFT, or disclosures concerning the CSFT in its public 
filings or financial statements, do not comply with applicable laws, 
regulations or accounting principles. Indeed, some financial 
institutions have incurred significant legal costs and liability and 
suffered reputational harm due to their role in certain transactions 
that were used by customers to misrepresent the customers' financial 
condition to investors, regulatory authorities or others. Reputational 
risk poses a significant threat to financial institutions because the 
nature of their business requires them to maintain the confidence of 
customers, creditors and the general marketplace.
    The Office of the Comptroller of the Currency, the Office of Thrift 
Supervision, the Board of Governors of the Federal Reserve System, the 
Federal Deposit Insurance Corporation, and the Securities and Exchange 
Commission (the regulatory Agencies) have long expected financial 
institutions to develop and maintain robust control infrastructures 
that enable them to identify, evaluate and address the risks associated 
with their business activities. Financial institutions also must 
conduct their activities in accordance with applicable statutes and 
regulations.

II. Scope and Purpose of Statement

    The regulatory Agencies are issuing this Statement to describe the 
types of risk management principles that we believe may help a 
financial institution to identify CSFTs that may pose heightened legal 
or reputational risks to the institution (``elevated risk CSFTs'') and 
to evaluate, manage and address these risks within the institution's 
internal control framework.\5\
---------------------------------------------------------------------------

    \5\ As used in this Statement, the term ``financial 
institution'' or ``institution'' refers to national banks in the 
case of the Office of the Comptroller of the Currency; federal and 
state savings associations and savings and loan holding companies in 
the case of the Office of Thrift Supervision; state member banks and 
bank holding companies (other than foreign banking organizations) in 
the case of the Federal Reserve Board; state nonmember banks in the 
case of the Federal Deposit Insurance Corporation; and registered 
broker-dealers and investment advisers in the case of the Securities 
and Exchange Commission. The U.S. branches and agencies of foreign 
banks supervised by the Office of the Comptroller, the Federal 
Reserve Board and the Federal Deposit Insurance Corporation also are 
considered to be financial institutions for purposes of this 
Statement.
---------------------------------------------------------------------------

    Structured finance transactions encompass a broad array of products 
with varying levels of complexity. Most structured finance 
transactions, such as standard public mortgage-backed securities 
transactions, public securitizations of retail credit cards, asset-
backed commercial paper conduit transactions, and hedging-type 
transactions involving ``plain vanilla'' derivatives and collateralized 
loan obligations, are familiar to participants in the financial 
markets, and these vehicles have a well-established track record. These 
transactions typically would not be considered CSFTs for the purpose of 
this Statement.
    Because this Statement focuses on sound practices related to CSFTs 
that may create heightened legal or reputational risks--transactions 
that typically are conducted by a limited number of large financial 
institutions--it will not affect or apply to the vast majority of 
financial institutions, including most small institutions. As in all 
cases, a financial institution should tailor its internal controls so 
that they are appropriate in light of the nature, scope, complexity and 
risks of its

[[Page 28332]]

activities. Thus, for example, an institution that is actively involved 
in structuring and offering CSFTs that may create heightened legal or 
reputational risk for the institution should have a more formalized and 
detailed control framework than an institution that participates in 
these types of transactions less frequently. The internal controls and 
procedures discussed in this Statement are not all inclusive, and, in 
appropriate circumstances, an institution may find that other controls, 
policies, or procedures are appropriate in light of its particular CSFT 
activities.
    Because many of the core elements of an effective control 
infrastructure are the same regardless of the business line involved, 
this Statement draws heavily on controls and procedures that the 
Agencies previously have found to be effective in assisting a financial 
institution to manage and control risks and identifies ways in which 
these controls and procedures can be effectively applied to elevated 
risk CSFTs. Although this Statement highlights some of the most 
significant risks associated with elevated risk CSFTs, it is not 
intended to present a full exposition of all risks associated with 
these transactions. Financial institutions are encouraged to refer to 
other supervisory guidance prepared by the Agencies for further 
information concerning market, credit, operational, legal and 
reputational risks as well as internal audit and other appropriate 
internal controls.
    This Statement does not create any private rights of action, and 
does not alter or expand the legal duties and obligations that a 
financial institution may have to a customer, its shareholders or other 
third parties under applicable law. At the same time, adherence to the 
principles discussed in this Statement would not necessarily insulate a 
financial institution from regulatory action or any liability the 
institution may have to third parties under applicable law.

III. Identification and Review of Elevated Risk Complex Structured 
Finance Transactions

    A financial institution that engages in CSFTs should maintain a set 
of formal, firm-wide policies and procedures that are designed to allow 
the institution to identify, evaluate, assess, document, and control 
the full range of credit, market, operational, legal and reputational 
risks associated with these transactions. These policies may be 
developed specifically for CSFTs, or included in the set of broader 
policies governing the institution generally. A financial institution 
operating in foreign jurisdictions may tailor its policies and 
procedures as appropriate to account for, and comply with, the 
applicable laws, regulations and standards of those jurisdictions.\6\
---------------------------------------------------------------------------

    \6\ In the case of U.S. branches and agencies of foreign banks, 
the institution should coordinate these policies with the foreign 
bank's group-wide policies developed in accordance with the rules of 
the foreign bank's home country supervisor. In addition, the U.S. 
branches and agencies of foreign banks should implement a control 
infrastructure for CSFTs, including management, review and approval 
requirements, that is consistent with the institution's overall 
corporate and management structure as well as its framework for risk 
management and internal controls.
---------------------------------------------------------------------------

    A financial institution's policies and procedures should establish 
a clear framework for the review and approval of individual CSFTs. 
These policies and procedures should set forth the responsibilities of 
the personnel involved in the origination, structuring, trading, 
review, approval, documentation, verification, and execution of CSFTs. 
Financial institutions may find it helpful to incorporate the review of 
new CSFTs into their existing new product policies. In this regard, a 
financial institution should define what constitutes a ``new'' complex 
structured finance product and establish a control process for the 
approval of such new products. In determining whether a CSFT is new, a 
financial institution may consider a variety of factors, including 
whether it contains structural or pricing variations from existing 
products, whether the product is targeted at a new class of customers, 
whether it is designed to address a new need of customers, whether it 
raises significant new legal, compliance or regulatory issues, and 
whether it or the manner in which it would be offered would materially 
deviate from standard market practices. An institution's policies 
should require new complex structured finance products to receive the 
approval of all relevant control areas that are independent of the 
profit center before the product is offered to customers.
A. Identifying Elevated Risk CSFTs
    As part of its transaction and new product approval controls, a 
financial institution should establish and maintain policies, 
procedures and systems to identify elevated risk CSFTs. Because of the 
potential risks they present to the institution, transactions or new 
products identified as elevated risk CSFTs should be subject to 
heightened reviews during the institution's transaction or new product 
approval processes. Examples of transactions that an institution may 
determine warrant this additional scrutiny are those that (either 
individually or collectively) appear to the institution during the 
ordinary course of its transaction approval or new product approval 
process to:
     Lack economic substance or business purpose;
     Be designed or used primarily for questionable accounting, 
regulatory, or tax objectives, particularly when the transactions are 
executed at year end or at the end of a reporting period for the 
customer;
     Raise concerns that the client will report or disclose the 
transaction in its public filings or financial statements in a manner 
that is materially misleading or inconsistent with the substance of the 
transaction or applicable regulatory or accounting requirements;
     Involve circular transfers of risk (either between the 
financial institution and the customer or between the customer and 
other related parties) that lack economic substance or business 
purpose;
     Involve oral or undocumented agreements that, when taken 
into account, would have a material impact on the regulatory, tax, or 
accounting treatment of the related transaction, or the client s 
disclosure obligations; \7\
---------------------------------------------------------------------------

    \7\ This item is not intended to include traditional, non-
binding ``comfort'' letters or assurances provided to financial 
institutions in the loan process where, for example, the parent of a 
loan customer states that the customer (i.e., the parent's 
subsidiary) is an integral and important part of the parent's 
operations.
---------------------------------------------------------------------------

     Have material economic terms that are inconsistent with 
market norms (e.g., deep in the money options or historic rate 
rollovers); or
     Provide the financial institution with compensation that 
appears substantially disproportionate to the services provided or 
investment made by the financial institution or to the credit, market 
or operational risk assumed by the institution.
    The examples listed previously are provided for illustrative 
purposes only, and the policies and procedures established by financial 
institutions may differ in how they seek to identify elevated risk 
CSFTs. The goal of each institution's policies and procedures, however, 
should remain the same--to identify those CSFTs that warrant additional 
scrutiny in the transaction or new product approval process due to 
concerns regarding legal or reputational risks.
    Financial institutions that structure or market, act as an advisor 
to a customer regarding, or otherwise play a substantial role in a 
transaction may have more information concerning the

[[Page 28333]]

customer's business purpose for the transaction and any special 
accounting, tax or financial disclosure issues raised by the 
transaction than institutions that play a more limited role. Thus, the 
ability of a financial institution to identify the risks associated 
with an elevated risk CSFT may differ depending on its role.
B. Due Diligence, Approval and Documentation Process for Elevated Risk 
CSFTs
    Having developed a process to identify elevated risk CSFTs, a 
financial institution should implement policies and procedures to 
conduct a heightened level of due diligence for these transactions. The 
financial institution should design these policies and procedures to 
allow personnel at an appropriate level to understand and evaluate the 
potential legal or reputational risks presented by the transaction to 
the institution and to manage and address any heightened legal or 
reputational risks ultimately found to exist with the transaction.
    Due Diligence. If a CSFT is identified as an elevated risk CSFT, 
the institution should carefully evaluate and take appropriate steps to 
address the risks presented by the transaction with a particular focus 
on those issues identified as potentially creating heightened levels of 
legal or reputational risk for the institution. In general, a financial 
institution should conduct the level and amount of due diligence for an 
elevated risk CSFT that is commensurate with the level of risks 
identified. A financial institution that structures or markets an 
elevated risk CSFT to a customer, or that acts as an advisor to a 
customer or investors concerning an elevated risk CSFT, may have 
additional responsibilities under the federal securities laws, the 
Internal Revenue Code, state fiduciary laws or other laws or 
regulations and, thus, may have greater legal and reputational risk 
exposure with respect to an elevated risk CSFT than a financial 
institution that acts only as a counterparty for the transaction. 
Accordingly, a financial institution may need to exercise a higher 
degree of care in conducting its due diligence when the institution 
structures or markets an elevated risk CSFT or acts as an advisor 
concerning such a transaction than when the institution plays a more 
limited role in the transaction.
    To appropriately understand and evaluate the potential legal and 
reputational risks associated with an elevated risk CSFT that a 
financial institution has identified, the institution may find it 
useful or necessary to obtain additional information from the customer 
or to obtain specialized advice from qualified in-house or outside 
accounting, tax, legal, or other professionals. As with any 
transaction, an institution should obtain satisfactory responses to its 
material questions and concerns prior to consummation of a 
transaction.\8\
---------------------------------------------------------------------------

    \8\ Of course, financial institutions also should ensure that 
their own accounting for transactions complies with applicable 
accounting standards, consistently applied.
---------------------------------------------------------------------------

    In conducting its due diligence for an elevated risk CSFT, a 
financial institution should independently analyze the potential risks 
to the institution from both the transaction and the institution's 
overall relationship with the customer. Institutions should not 
conclude that a transaction identified as being an elevated risk CSFT 
involves minimal or manageable risks solely because another financial 
institution will participate in the transaction or because of the size 
or sophistication of the customer or counterparty. Moreover, a 
financial institution should carefully consider whether it would be 
appropriate to rely on opinions or analyses prepared by or for the 
customer concerning any significant accounting, tax or legal issues 
associated with an elevated risk CSFT.
    Approval Process. A financial institution's policies and procedures 
should provide that CSFTs identified as having elevated legal or 
reputational risk are reviewed and approved by appropriate levels of 
control and management personnel. The designated approval process for 
such CSFTs should include representatives from the relevant business 
line(s) and/or client management, as well as from appropriate control 
areas that are independent of the business line(s) involved in the 
transaction. The personnel responsible for approving an elevated risk 
CSFT on behalf of a financial institution should have sufficient 
experience, training and stature within the organization to evaluate 
the legal and reputational risks, as well as the credit, market and 
operational risks to the institution.
    The institution's control framework should have procedures to 
deliver the necessary or appropriate information to the personnel 
responsible for reviewing or approving an elevated risk CSFT to allow 
them to properly perform their duties. Such information may include, 
for example, the material terms of the transaction, a summary of the 
institution's relationship with the customer, and a discussion of the 
significant legal, reputational, credit, market and operational risks 
presented by the transaction.
    Some institutions have established a senior management committee 
that is designed to involve experienced business executives and senior 
representatives from all of the relevant control functions within the 
financial institution, including such groups as independent risk 
management, accounting, policy, legal, compliance, and financial 
control, in the oversight and approval of CSFTs identified as having 
elevated risks. While this type of management committee may not be 
appropriate for all financial institutions, a financial institution 
should establish processes that assist the institution in consistently 
managing its elevated risk CSFTs on a firm-wide basis.\9\
---------------------------------------------------------------------------

    \9\ The control processes that a financial institution 
establishes for CSFTs should take account of, and be consistent 
with, any informational barriers established by the institution to 
manager potential conflicts of interests, insider trading or other 
concerns.
---------------------------------------------------------------------------

    If, after evaluating an elevated risk CSFT, the financial 
institution determines that its participation in the CSFT would create 
significant legal or reputational risks for the institution, the 
institution should take appropriate steps to address those risks. Such 
actions may include declining to participate in the transaction, or 
conditioning its participation upon the receipt of representations or 
assurances from the customer that reasonably address the heightened 
legal or reputational risks presented by the transaction. Any 
representations or assurances provided by a customer should be obtained 
before a transaction is executed and be received from, or approved by, 
an appropriate level of the customer's management. A financial 
institution should decline to participate in an elevated risk CSFT if, 
after conducting appropriate due diligence and taking appropriate steps 
to address the risks from the transaction, the institution determines 
that the transaction presents unacceptable risk to the institution or 
would result in a violation of applicable laws, regulations or 
accounting principles.
    Documentation. The documentation that financial institutions use to 
support CSFTs is often highly customized for individual transactions 
and negotiated with the customer. Careful generation, collection and 
retention of documents associated with elevated risk CSFTs are 
important control mechanisms that may help an institution monitor and 
manage the legal, reputational, operational, market, and credit risks 
associated with the transaction. In addition, sound

[[Page 28334]]

documentation practices may help reduce unwarranted exposure to the 
financial institution's reputation.
    A financial institution should create and collect sufficient 
documentation to allow the institution to:
     Document the material terms of the transaction;
     Enforce the material obligations of the counterparties;
     Confirm that customers have received any required 
disclosures concerning the transaction; and
     Verify that the institution s policies and procedures are 
being followed and allow the internal audit function to monitor 
compliance with those policies and procedures.
    When an institution's policies and procedures require an elevated 
risk CSFT to be submitted for approval to senior management, the 
institution should maintain the transaction-related documentation 
provided to senior management as well as other documentation that 
reflect management's approval (or disapproval) of the transaction, any 
conditions imposed by senior management, and the reasons for such 
action. The institution should retain documents created for elevated 
risk CSFTs in accordance with its record retention policies and 
procedures as well as applicable statutes and regulations.
C. Other Risk Management Principles for Elevated Risk CSFTs
    General Business Ethics. The board and senior management of a 
financial institution also should establish a ``tone at the top'' 
through both actions and formalized policies that sends a strong 
message throughout the financial institution about the importance of 
compliance with the law and overall good business ethics. The board and 
senior management should strive to create a firm-wide corporate culture 
that is sensitive to ethical or legal issues as well as the potential 
risks to the financial institution that may arise from unethical or 
illegal behavior. This kind of culture coupled with appropriate 
procedures should reinforce business-line ownership of risk 
identification, and encourage personnel to move ethical or legal 
concerns regarding elevated risk CSFTs to appropriate levels of 
management. In appropriate circumstances, financial institutions may 
also need to consider implementing mechanisms to protect personnel by 
permitting the confidential disclosure of concerns.\10\ As in other 
areas of financial institution management, compensation and incentive 
plans should be structured, in the context of elevated risk CSFTs, so 
that they provide personnel with appropriate incentives to have due 
regard for the legal, ethical and reputational risk interests of the 
institution.
---------------------------------------------------------------------------

    \10\ The agencies note that the Sarbanes-Oxley Act of 2002 
requires companies listed on a national securities exchange or 
inter-dealer quotation system of a national securities association 
to establish procedures that enable employees to submit concerns 
regarding questionable accounting or auditing matters on a 
confidential, anonymous basis. See 15 U.S.C. 78j-1(m).
---------------------------------------------------------------------------

    Monitoring Compliance with Internal Policies and Procedures. The 
events of recent years evidence the need for an effective oversight and 
review program for elevated risk CSFTs. Financial institutions should 
conduct periodic independent reviews of their CSFT activities to verify 
that their policies and controls relating to elevated risk CSFTs are 
being implemented effectively and that elevated risk CSFTs are 
accurately identified and receive proper approvals. Such monitoring may 
include more frequent assessments of the risk arising from elevated 
risk CSFTs, both individually and within the context of the overall 
customer relationship, and the results of this monitoring should be 
provided to an appropriate level of management in the financial 
institution.
    Training. An institution should identify relevant personnel who may 
need specialized training regarding CSFTs to be able to effectively 
perform their oversight and review responsibilities. Appropriate 
training on the financial institution's policies and procedures for 
handling elevated risk CSFTs is critical. Financial institution 
personnel involved in CSFTs should be familiar with the institution's 
policies and procedures concerning elevated risk CSFTs, including the 
processes established by the institution for identification and 
approval of elevated risk CSFTs and new complex structured finance 
products and for the elevation of concerns regarding transactions or 
products to appropriate levels of management. Financial institution 
personnel should be trained to identify and properly handle elevated 
risk CSFTs that may result in a violation of law.
    Audit. The internal audit department of any financial institution 
is integral to its defense against fraud, unauthorized risk taking and 
damage to the financial institution's reputation. The internal audit 
department of a financial institution should regularly audit the 
financial institution's adherence to its own control procedures 
relating to elevated risk CSFTs, and further assess the adequacy of its 
policies and procedures related to elevated risk CSFTs. Internal audit 
should periodically validate that business lines and individual 
employees are complying with the financial institution's standards for 
elevated risk CSFTs and appropriately identifying any exceptions. This 
validation should include transaction testing for elevated risk CSFTs.
    Reporting. A financial institution's policies and procedures should 
provide for the appropriate levels of management and the board of 
directors to receive sufficient information and reports concerning the 
institution's elevated risk CSFTs to perform their oversight functions.

IV. Conclusion

    Structured finance products have become an essential and important 
part of the U.S. and international capital markets, and financial 
institutions have played an important role in the development of 
structured finance markets. In some instances, however, CSFTs have been 
used to misrepresent a customer's financial condition to investors and 
others, and financial institutions involved in these transactions have 
sustained significant legal and reputational harm. In light of the 
potential legal and reputational risks associated with CSFTs, a 
financial institution should have effective risk management and 
internal control systems that are designed to allow the institution to 
identify elevated risk CSFTs, to evaluate, manage and address the risks 
arising from such transactions, and to conduct those activities in 
compliance with applicable law.

    Dated: May 4, 2006.
John C. Dugan,
Comptroller of the Currency.

    Dated: May 8, 2006.

    By the Office of Thrift Supervision.
John M. Reich,
Director.

    By order of the Board of Governors of the Federal Reserve 
System, May 9, 2006.
Jennifer J. Johnson,
Secretary of the Board.

    Dated at Washington, DC, the 9th day of May, 2006.

    By order of the Federal Deposit Insurance Corporation.
Robert E. Feldman,
Executive Secretary.

    Dated: May 9, 2006.

    By the Securities and Exchange Commission.
Nancy M. Morris,
Secretary.
[FR Doc. 06-4510 Filed 5-15-06; 8:45 am]

BILLING CODE 4810-33-P
