Federal Deposit Insurance Corporation
Office of Audits
Office of Inspector General
Washington, D.C. 20434

DATE: July 31, 2002

TO: Michael J. Zamorski, Director, Division of Supervision and Consumer Protection

FROM: Russell A. Rau [Electronically produced version; original signed by Russell Rau], Assistant Inspector General for Audits

SUBJECT: Division of Supervision Implementation of Gramm-Leach-Bliley Act Provisions (Audit Report No. 02-025)

The Federal Deposit Insurance Corporation’s (FDIC) Office of Inspector General (OIG) has completed an audit of the Division of Supervision’s (DOS) implementation of Gramm-Leach-Bliley Act (GLBA) provisions affecting state nonmember banks. (Note: As the result of a reorganization that became effective June 30, 2002, the Division of Supervision was merged with the Division of Compliance and Consumer Affairs to become the Division of Supervision and Consumer Protection (DSC). DOS performs safety and soundness examinations of FDIC-supervised institutions through a decentralized organization of regional and field offices. DOS headquarters establishes policies and procedures and provides instruction for the examinations.)

The objectives of this audit were to determine whether: (1) DOS has established coordination arrangements with other regulatory agencies that relate to GLBA activities, (2) DOS’s policies and procedures have been updated to address the restrictions and safeguards in GLBA, and (3) DOS is identifying banks that are directly or indirectly engaged in GLBA activities. (Note: The other regulatory agencies include the Board of Governors of the Federal Reserve System (FRB), Office of the Comptroller of the Currency (OCC), and Securities and Exchange Commission (SEC).) The audit focused on DOS headquarters and did not extend to regional office and examiner activities. Additional details on our objectives, scope, and methodology are contained in Appendix I.

Signed into law on November 12, 1999, GLBA reverses many of the barriers between banking and commerce erected by the Glass-Steagall Act of 1933 and is the most extensive reform of financial services regulation in over 60 years. (Note: The Glass-Steagall Act of 1933 separated banking and commerce in order to restore confidence in the country’s financial system following the stock market crash of 1929 and subsequent revelations of self-dealing and other market abuses by some large banks through securities affiliates. Over ensuing years, the barriers between banking and commerce have been gradually disassembled through a series of legislative and regulatory actions.) GLBA has seven titles addressing financial services, affiliations, regulatory authority, and consumer issues. Its content and language is made complicated by the need to amend the many laws involved. In this audit we looked at sections of the act with the greatest potential of affecting the safety and soundness of state nonmember banks supervised by the FDIC. The audit focused on GLBA’s first three titles – Title I – Facilitating Affiliations Among Banks, Securities Firms, and Insurance Companies; Title II – Functional Regulation; and Title III – Insurance, Subtitle A – State Regulation of Insurance. (Note: GLBA’s Table of Contents is provided in Appendix II. The text of GLBA can be found at the Library of Congress Web site for legislative information on the Internet, http://thomas.loc.gov. Refer to Public Law 106-102.)

Gramm-Leach-Bliley Act of 1999

The Gramm-Leach-Bliley Act of 1999 impacts the types of financial activities that banks and their affiliates can conduct. GLBA also affects how various bank and affiliate activities are regulated and examined. According to the Statement of Managers, H.R. Conference Report 106-434 (1999 U.S.C.C.A.N. 245, 247), GLBA eliminates many federal and state law barriers to affiliations among banks and securities firms, insurance companies, and other financial services providers. Financial organizations are provided flexibility in structuring these new financial affiliations through a holding company structure or a "financial subsidiary." (Note: "Financial subsidiaries" are bank operating subsidiaries engaged in some of the new financial activities permitted for holding companies and their affiliates.) The legislation preserves the role of the FRB as the "umbrella" supervisor for holding companies but also incorporates a system of "functional regulation" to utilize the strengths of the various federal and state financial supervisors. (Note: "Functional regulation" means that various financial activities should be overseen by the regulator with the corresponding regulatory experience: banking is to be supervised by banking regulators, securities activities by the SEC and state regulators, and insurance activities by state insurance regulators.) GLBA stipulates that banks may not participate in the new financial affiliations unless they are well capitalized and well managed. The appropriate regulators are given clear authority to address any failure to maintain these safety and soundness standards in a prompt manner. (Note: GLBA maintains the FDIC’s authority to examine bank affiliates. Section 112. Authority of State Insurance Regulator and Securities and Exchange Commission and Section 115. Examination of Investment Companies uphold the FDIC’s authority to examine an affiliate of an insured depository institution to determine the nature and effect of the relations. GLBA also maintains the FDIC’s authority to regulate bank subsidiaries. Section 114. Prudential Safeguards, upholds the FDIC’s authority to impose restrictions or requirements on relationships or transactions between a state nonmember bank and a subsidiary that are appropriate to avoid significant risk or other adverse effects such as undue concentration of resources, decreased or unfair competition, or conflicts of interest.)

In addition to financial services affiliations and functional regulation, GLBA also has titles or sections relating to unitary thrift holding companies, protecting the privacy of consumer financial information, Federal Home Loan Bank system modernization, automated teller machine fee reform, and the Community Reinvestment Act. As noted previously, these titles or sections were not within the scope of our audit.

GLBA Titles I, II, and III, Subtitle A

Safety and soundness concerns stemming from GLBA derive from the increased affiliations among banks, securities firms, insurance companies, and other financial services providers and the revised regulatory authorities and structure – areas that are addressed under GLBA Titles I, II, and III, Subtitle A.

• Title I – Facilitating Affiliation Among Banks, Securities Firms, and Insurance Companies allows bank holding companies to become "financial holding companies" and expand into a wide variety of services that are "financial in nature." Also, banks are allowed to engage in these "financial in nature" activities through "financial subsidiaries." The following figure illustrates the relationship between banks and these new GLBA-authorized affiliates. (Note: Federal Reserve Act (FRA) Section 23A(a) Restrictions on Transactions with Affiliates, includes in its definition of affiliate, "any company that controls the member bank and any other company that is controlled by the company that controls the member bank affiliate" and "a bank subsidiary of the member bank." FRA Section 23A also applies to state nonmember banks.) For both "financial holding companies" and "financial subsidiaries," regulatory safeguards and limitations on activities apply. Title I maintains the FRB’s broad or "umbrella" regulatory authority over holding companies and their subsidiaries. Title I also promotes "functional regulation" by establishing primary regulators that other regulators depend on and consult.

Figure: Banks and New GLBA-Type Affiliates

[This image appears in the non-508-compliant version of this audit report.]

Text description of figure above: A Financial Holding Company has two entities under it, which are an Other Financial Service Provider and a Bank. Under the Bank is a Financial Subsidiary.

• Title II – Functional Regulation, affects the securities industry and bank securities-related activities. The broad exemption that banks had from SEC regulation is replaced by more limited exemptions. The SEC and FRB are to work together to establish rules for new hybrid financial products. Banks acting as investment advisers to mutual funds are to register with the SEC. Title II authorizes a new and voluntary "investment bank holding company" structure, to be supervised by the SEC.

• Title III – Insurance, Subtitle A – State Regulation of Insurance, defines the types of insurance activities that banks can engage in and establishes relative responsibilities between federal and state officials for the regulation and examination of insurance activities and affiliations. Like Title II dealing with securities, Title III promotes functional regulation regarding insurance. Title III affirms the historical lead authority of state regulation of the insurance business.

Risks to FDIC and the Bank Insurance Fund

Increased affiliation between state nonmember banks and other financial services providers engaged in expanded financial activities – in a new functional regulation environment – poses risks to the FDIC and the Bank Insurance Fund:

• The increased number and types of affiliations heighten the risk that an affiliate might access the assets of a bank in violation of federal law and regulations.
• The need for enhanced communication and coordination in a functional regulation environment increases the risk that some bank activities might not be examined or that results of examinations requiring regulatory action will be slow to be addressed.
• "Financial in nature" activities undertaken by bank affiliates might be new or complex and difficult to regulate and examine. Large losses could go undetected and continue to mount.
• New "financial in nature" activities might have unforeseen potential liabilities which, if realized, might be applied to insured institutions.

GLBA-Related Activity of State Nonmember Banks

Federal Reserve System data indicate that, as of December 31, 2001, the bank holding companies of 480 of a total of 4,971 state nonmember banks had elected to become financial holding companies. (Note: We could not assess the overall extent of state nonmember banks’ GLBA-related activities using available data, in part because it is difficult to identify non-bank affiliates and aggregate the data.)

Consolidated Report of Condition and Income (Call Report) regulatory capital data indicate that as of December 31, 2001, six state nonmember banks reported equity in financial subsidiaries; however, FDIC’s DOS has subsequently determined that five of these banks misreported and only one owns a financial subsidiary.

Call Report noninterest income data indicate that, as of December 31, 2001, large numbers of state nonmember banks are generating income from activities that may be affected by GLBA regulations and examination requirements. For example, from a total of 4,971 state nonmember banks, 1,174 or 24 percent report income from "investment banking, advisory, brokerage, and underwriting fees and commissions" – activities affected by GLBA Title II – Functional Regulation, Subtitle A – Brokers and Dealers, particularly because it designates the SEC as primary regulator. Also, 2,433 or 49 percent of state nonmember banks report income from "insurance commissions and fees" – activities that are affected by GLBA Title III – Insurance, Subtitle A – State Regulation of Insurance. (Note: These are not new activities authorized by GLBA. With the possible exception of financial subsidiaries, GLBA does not authorize new in-house state nonmember bank activities but might affect how they are regulated and examined.) Appendix III provides a more complete analysis of noninterest income data.

FDIC Approach to Addressing GLBA

Upon enactment of GLBA, an FDIC agency-wide meeting was held to assign Divisions responsibility for each section of the law. From this process, a "GLBA Corporate Project List" was developed. DOS has been assigned multiple sections on the Project List and for many sections serves as the lead division. A closeout procedure consisting of an explanation and certification is required for each GLBA section on the Project List. The Legal Division maintains the list. As of May 2, 2002, 49 of 62 items included on the Project List have been closed out. Appendix IV shows the status of each item on the Project List as of that date. Using a combination of personal contacts, the Federal Register, industry publications, and database search vehicles such as Lexis, the FDIC Legal Division monitors other agencies’ GLBA activities, including the issuance of regulations. Other agencies usually notify the Legal Division of pending or final action and the Legal Division then notifies DOS.

GLBA sections on the Project List have been assigned to individuals within various DOS sections and branches based upon their areas of expertise. Also, DOS created the position of GLBA Project Coordinator to monitor and coordinate the Division’s GLBA-related activities.

DOS typically issues examination policies and procedures as Regional Directors Memorandums (RD Memos), Examination Documentation Modules (ED Modules), revisions to the Manual of Examination Policies, and revisions to the Trust Examination Manual. Consistent with that approach, DOS has issued guidance on specific GLBA areas in the form of RD Memos and has addressed securities-related issues in amendments to the Trust Examination Manual.

RESULTS OF AUDIT

DOS has established coordination arrangements with other federal regulatory agencies through working groups, personal contacts, and monitoring activities. DOS representatives attend periodic meetings of the informal Cross-Sector Regulatory Working Group, consisting of representatives from each of the financial regulatory agencies. The purpose of the Group is to provide for communication and increased awareness of each agency’s GLBA-related responsibilities and activities. For state nonmember bank insurance activities, "Information Sharing and Confidentiality Agreements" with state insurance commissioners have been developed and are being entered into on a state-by-state basis. (Note: The purpose of the Agreements is to facilitate the exchange of examination and other information regarding insurance companies and affiliate depository institutions, as authorized by GLBA Section 307. Interagency Consultation. The Agreements cover exchange of information on enforcement actions, consumer complaints, and other supervisory activities.) As of March 6, 2002, agreements had been completed with 36 states. Also, DOS representatives are attending quarterly meetings of the National Association of Insurance Commissioners.

DOS and Legal Division personnel have participated in an interagency working group addressing information sharing with the SEC. However, an information sharing agreement with the SEC dating from June 17, 1987 needs to be updated to reflect GLBA considerations. The effect of not having updated this agreement is that DOS examinations staff do not have current procedures regarding information sharing with the SEC. This is important because GLBA places restrictions on the examination of bank and affiliate securities activities, as described below. Without current procedures, information requests have to be developed and processed on a case-by-case basis.

With respect to DOS’s updating of policies and procedures to address restrictions and safeguards in GLBA, DOS has updated or created related policies and procedures to address most of the GLBA sections covered in our review. However, two sources of reference for examiners, the Manual of Examination Policies and a Supplemental ED Module, have not been updated with respect to guidance on "Related Organizations" to address the issue of bank relations with affiliates, including holding companies. The effect of not updating these policies and procedures is that examination staff have lacked comprehensive guidance on this aspect of the law.

SEC has not issued final rules for GLBA Section 201. Definition of Broker and Section 202. Definition of Dealer, both of which replace the broad exemption banks had from SEC regulation with more limited exemptions. Once final rules are issued, the FDIC and other federal banking agencies will issue rules for Section 204. Information Sharing, which requires that recordkeeping requirements be established for banks relying on the limited exemptions contained in Section 201 and Section 202. DOS is waiting for final regulations on Section 204 before issuing guidance in its examination policies and procedures.

As for the overall timeliness of updating GLBA-related policies and procedures, Appendix V compares when GLBA sections became effective to when guidance was issued. Guidance on Title I has been issued for some sections, while other sections have been partially addressed or not at all. Guidance on Title II has been issued except for bank recordkeeping requirements, which are dependent on regulations to be issued by SEC. Guidance has been issued for all of Title III, Subtitle A.

While FDIC has access to Federal Reserve System data on financial holding companies, DOS information systems do not currently identify banks that are directly or indirectly engaged in GLBA-affected activities. Several internal databases used by DOS to describe bank and holding company structure information do not identify GLBA-related entities such as financial holding companies and financial subsidiaries. The DOS databases for bank and holding company structure information also do not include nonbank affiliates such as insurance companies and securities firms. Not having this information detracts from the ability to assess risk; examine for transactions with affiliates; and, consistent with the premise of functional regulation, coordinate with primary regulators overseeing financial activities corresponding to their areas of expertise.

Also concerning DOS information systems, the recordkeeping requirements in Section 204. Information Sharing could identify banks engaged in securities-related activities that are exempt from SEC oversight. This information would be of help in examinations and for coordinating with SEC. Early analysis of Section 204. Information Sharing’s impact on DOS information systems is important because of the time requirements to budget project funds and coordinate with other FDIC divisions to accomplish system modifications.

PROCEDURES FOR SHARING INFORMATION WITH THE SEC

An agreement has existed since June 17, 1987 establishing procedures for the FDIC to access the SEC’s nonpublic information. The agreement has not been updated and broadened to address certain GLBA sections described below. Progress has not been made in revising the agreement in part because the SEC has given priority to working with the FRB and the OCC. DOS and Legal Division personnel believe that state nonmember bank investment company and investment adviser activity is minimal and so have given the matter a low priority. The effect of not having updated this agreement is that DOS examinations staff do not have current procedures regarding notifications of, and information sharing with, the SEC. Without current procedures, information requests have to be developed and processed on a case-by-case basis.

Procedures for the exchange of information with the SEC have not been updated to address the following GLBA sections:

• GLBA Section 115. Examination of Investment Companies

GLBA Section 115. Examination of Investment Companies, prohibits federal banking agencies, including the FDIC, from examining any registered investment company that is not a bank holding company or a savings and loan holding company. It also requires the SEC to provide to any federal banking agency, upon request, the results of any examination, reports, records, or other information with respect to any registered investment company to the extent necessary for the agency to carry out its statutory responsibilities.

The "GLBA Corporate Project List" indicates that Section 115 is to be addressed in a memorandum of understanding (MOU) with the SEC. DOS and SEC have not agreed to procedures to address Section 115 through an MOU or by other means.

• GLBA Section 217. Removal of the Exclusion from the Definition of Investment Adviser for Banks that Advise Investment Companies

Section 217 removes the exclusion of banks from the definition of investment adviser under the Investment Advisers Act of 1940. The effect is that banks performing investment advisory services are now subject to the same SEC regulation as other investment advisers. The section also provides that banks can establish a separately identifiable department (SID) in which such services are performed; the department and not the bank shall be deemed to be the investment adviser and subject to SEC regulation and examination.

The "Project List" states that SEC has not issued rules for Section 217, the Section is addressed in the Trust Examination Manual, and no further action is needed. DOS representatives believe that Section 217 will affect only state nonmember bank trust departments. However, in our view, investment advisory services provided by a SID might exist separate and outside of a trust department.

• GLBA Section 220. Interagency Consultation

Section 220. Interagency Consultation, amends the Investment Advisers Act of 1940, adding a new Section 210A. Consultation. This new section requires federal banking regulators and the SEC to share the results of any examination, reports, records, or other information regarding the investment advisory activities of any bank, bank holding company, or SID registered as an investment adviser. If the bank has a SID that is a registered investment adviser, GLBA requires the bank regulator to share with the SEC the results of any examination, reports, records or other information regarding the bank.

The "Project List" indicates that work on Section 220 has been completed and no further action is needed. DOS’s Trust Examination Manual has been revised to include mention of Section 220. However, an MOU between the FDIC and SEC addressing the requirements of Section 220 has not been developed to facilitate the exchange of information between the two agencies.

• GLBA Section 222. Statutory Disqualification for Bank Wrongdoing

Section 222. Statutory Disqualification for Bank Wrongdoing amends the Investment Company Act of 1940 to include banks as organizations that are disqualified from investment advising if they have been convicted of a felony or misdemeanor or have otherwise been enjoined because of their securities activities.

The "Project List" shows that Section 222 has been closed and does not indicate that any action was taken.

Based on the June 17, 1987 agreement between the FDIC and the SEC, DOS issued an RD Memo titled, "Access to Securities and Exchange Commission’s Nonpublic Information" (no. 87-129, dated July 16, 1987). The language of the sample documentation request letters, provided as attachments to the RD Memo, relates to criminal or civil investigations and is not clearly applicable to information with respect to any registered investment company (Section 115) or investment adviser (Section 217, Section 220, and Section 222). (Note: The sample documentation request letters contain the verbiage, "This request is made in connection with an ongoing lawful investigation or official proceeding inquiring into a violation of, or failure to comply with, a criminal or civil statute or regulation, rule or order issued pursuant thereto, being conducted by [name of requesting agency].") DOS and Legal Division personnel have participated in an inter-agency working group addressing information sharing with the SEC. DOS and Legal Division personnel have suggested that progress has not been made in revising the agreement to allow the FDIC access to the SEC’s nonpublic information in part because the SEC has given priority to working with the FRB and the OCC. DOS and Legal Division personnel believe that state nonmember bank investment company and investment adviser activity is minimal and so have given the matter a low priority.

Recommendation

We recommend that the Director, DOS:

(1) In conjunction with the Legal Division and the SEC, develop procedures for information sharing consistent with GLBA Section 115. Examination of Investment Companies, Section 217. Removal of the Exclusion from the Definition of Investment Adviser for Banks that Advise Investment Companies, Section 220. Interagency Consultation, and Section 222. Statutory Disqualification for Bank Wrongdoing.

DOS POLICIES AND PROCEDURES ON "RELATED ORGANIZATIONS" AND BANK RECORDKEEPING REQUIREMENTS

The DOS Manual of Examination Policies and Supplemental ED Module guidance on "Related Organizations," covering significant areas affected by GLBA, particularly bank relations with affiliates, have not been updated. The DOS practice of making comprehensive, as opposed to piecemeal, revisions to the Manual of Examination Policies has affected the timing of the update. Manual of Examination Policies Section 4.3 "Related Organizations" will be revised before the Supplemental ED Module on related organizations. The effect of not updating these policies and procedures is that examination staff have lacked comprehensive guidance on examining GLBA’s impact on bank affiliates.

Appendix V compares when GLBA sections became effective to when guidance was issued. Guidance on Title I was issued for some sections, while other sections have been partially addressed or not at all. (These other sections are described below under DOS Policies and Procedures on "Related Organizations.") Guidance on Title II has been issued except for bank recordkeeping requirements, which are dependent on regulations to be issued by the SEC. (This matter is described below under DOS Examination Guidance on Bank Recordkeeping Requirements.) Guidance has been issued for all of Title III, Subtitle A.

Once the SEC issues final rules for GLBA Section 201. Definition of Broker and Section 202. Definition of Dealer, both of which replace the broad exemption banks had from SEC regulation with more limited exemptions, the FDIC and other federal banking agencies will issue rules for Section 204. Information Sharing, which requires that recordkeeping requirements be established for banks relying on the limited exemptions contained in Section 201 and Section 202. DOS plans to issue guidance on Section 204 after final regulations have been issued. Because banks are not being asked to comply until final regulations are issued, the lack of DOS guidance has no effect.

DOS Policies and Procedures on "Related Organizations"

The Manual of Examination Policies Section 4.3 "Related Organizations" provides guidance on bank holding companies, subsidiaries, and other affiliates. This guidance includes a discussion of Federal Reserve Act (FRA) Section 23A and Section 23B, which regulate transactions between banks and their affiliates. However, Section 4.3 "Related Organizations" has not been revised since August 1999, before the passage of GLBA in November 1999.

The Supplemental ED Module, "Related Organizations," provides model examination procedures applicable to bank holding companies, subsidiaries, and other affiliates. Guidance includes consideration of certain control and performance objectives (i.e., standards) and associated risks. Specific guidance is given to topical areas such as, "Evaluation of Affiliate Operations," and "Compliance with Sections 23A and 23B, Part 362, and Other Applicable Regulations." The "Related Organizations" ED Module was revised in October 2000 but does not address certain key aspects of GLBA.

For example, topics in Section 4.3 and the Supplemental ED Module that are affected by GLBA and are not updated include: bank holding companies (GLBA authorizes a new type of holding company, the financial holding company); limited purpose banks; affiliates, including transactions between banks and their affiliates; subsidiaries (GLBA authorizes a new type of subsidiary, the financial subsidiary); and examination authority. (Note: Limited purpose banks – also known as nonbank banks or CEBA banks, after the Competitive Equality Banking Act of 1987 – are banks that either make commercial loans or accept demand deposits, but not both, and are insured by the FDIC. Companies that own them are not treated as bank holding companies as long as they comply with certain restrictions.) Some of these topics have been addressed in RD Memos (see Appendix V). However, without updated guidance on "Related Organizations" examination staff do not have readily available and detailed guidance and a risk exists that bank examinations might not consider GLBA’s effects in these areas.

In addition to general topical areas in "Related Organizations" that are affected by GLBA and should be updated, we identified certain related GLBA sections for which updated guidance is not complete:

• GLBA Section 107. Cross Marketing Restriction; Limited Purpose Bank Relief; Divestiture

GLBA Section 107. Cross Marketing Restriction; Limited Purpose Bank Relief; Divestiture, amends restrictions on limited purpose banks and their holding companies and affiliates. DOS has drafted guidance on §107 but has not finalized and incorporated the changes yet.

• Amended Bank Holding Company Act Section 4(n) "Authority to retain limited non-financial activities and affiliations," and Section 4(o) "Regulation of certain financial holding companies"

GLBA Section 103. Financial Activities, subsection (a), amends Bank Holding Company Act (BHCA) Section 4(n) and Section 4(o) and places restrictions on companies that are not bank holding companies or foreign banks and that become financial holding companies. The restrictions pertain to cross marketing products between depository institutions and certain affiliates. The restrictions also prohibit depository institutions from engaging in certain specified types of transactions, called "covered transactions," with nonfinancial affiliates. (Note: Amended BHCA Section 4(n). "Authority to retain limited non-financial activities and affiliations," allows a company that is not a bank holding company or a foreign bank and becomes a financial holding company to continue to engage in any activity and retain direct or indirect ownership of a company engaged in any activity. Certain requirements apply. (See BHCA Section (4)(n)(1)(A-C).) Amended BHCA Section (4)(n)(5). "Cross Marketing Restrictions Applicable to Commercial Activities," limits the ability of depository institutions to engage in cross marketing with nonfinancial subsidiaries of the same financial holding company. Amended BHCA Section (4)(n)(6). "Transactions with Nonfinancial Affiliates," prohibits depository institutions from engaging in any "covered transactions" with nonfinancial affiliates owned by the same holding company. "Covered transactions" are: loans to the affiliate; investments in the affiliate’s securities; most purchases of assets from the affiliate; acceptance of the affiliate’s securities as collateral for any loan; and guaranteeing in any manner any extension of credit to the affiliate. Amended BHCA Section 4(o) "Regulation of certain financial holding companies," allows a company that is not a bank holding company or a foreign bank and becomes a financial holding company to continue to engage in "activities related to the trading, sale, or investment in commodities…" Certain requirements apply. Amended BHCA subsection (4)(o)(3) prohibits the cross marketing of products or services between commodities firms and depository institutions held by the same financial holding company.) DOS has determined that an implementation plan is not necessary for amended BHCA Section 4(n) and Section 4(o) because it believes they are a limited part of the statute with no evidence of immediate impact on state nonmember banks. (Note: While likely quite limited, the overall impact of these provisions on state nonmember banks cannot be determined because the Federal Reserve Board does not explicitly identify these special types of financial holding companies in its National Information Center database used by the FDIC for holding company information.) Because GLBA Section 103(a) amendments to BHCA Section 4(n) and Section 4(o) are not addressed, there is a possibility that examiners may not be aware of these special types of financial holding companies and the restrictions on their depository institutions related to cross marketing and covered transactions.

• GLBA Section 121(b) "Sections 23A and 23B of the Federal Reserve Act"

GLBA Section 121. Subsidiaries of National Banks, subsection (a) In General, authorizes national banks to conduct in "financial subsidiaries" certain activities that are "financial in nature." Similar, but not identical, authorities for owning financial subsidiaries are extended to state (member and nonmember) banks. GLBA Section 121(b) "Sections 23A and 23B of the Federal Reserve Act," requires that the financial subsidiary be treated as an affiliate – the bank must apply the same limits on transactions with affiliates to its transactions with the financial subsidiary. A number of exceptions and special provisions apply. (Note: FRA Section 23A and Section 23B place strict limitations on transactions between banks and affiliates. GLBA Section 121(b) applies these same restrictions to transactions between banks and their financial subsidiaries. GLBA Section 121(b) makes exceptions in amended FRA §23A(e)(3)(A) Exception from Limit on Covered Transactions with Any Individual Financial Subsidiary, and Section 23A(e)(3)(B) Exception for Earnings Retained by Financial Subsidiaries. Additional restrictions are made in amended Section 23A(e)(4) Anti-Evasion Provision, which addresses investments in, and extensions of credit to, financial subsidiaries by bank affiliates.)

DOS has issued an RD Memo, Activities of Insured State Banks and Their Subsidiaries (no. 2001-051, dated November 15, 2001) providing guidance on the implementation of the provisions of GLBA concerning financial subsidiaries of state nonmember banks. The RD Memo states, "The state nonmember bank must comply with the amendments to sections 23A and 23B of the Federal Reserve Act made by section 121(b) of the GLBA that require certain ongoing transactional restrictions." More detailed guidance is not provided on the Section121(b) limits on transactions because DOS believes examiners will identify them by reading FRA Section 23A and Section 23B directly. (Note: GLBA Section 121(b) limits on transactions were described in an earlier version of the RD Memo, "Activities of Insured State Banks and Their Subsidiaries," but the description was dropped when published FDIC regulations included the amendments to FRA Section 23A and Section 23B.) However, lack of explicit guidance on the exceptions and special provisions in GLBA Section 121(b) (specifically, amendments to FRA Section 23A(e)(3) Exceptions for Transactions with Financial Subsidiaries and Section 23A(e)(4) Anti-Evasion Provision, which addresses investments in, and extensions of credit to, financial subsidiaries by bank affiliates) increases the risk that transactions in violation of these sections might not be examined and detected since these detailed provisions are not readily available. State nonmember bank and financial subsidiary transactions with affiliates is an area of risk for GLBA.

The DOS practice of making comprehensive, as opposed to piecemeal, revisions to the Manual of Examination Policies has affected the timing of the Section 4.3 revision. According to DOS staff members, they do not consider Section 4.3 to warrant priority over other work. The Supplemental ED Module on related organizations has not been revised because DOS staff wants to revise Section 4.3 first.

DOS Examination Guidance on Bank Recordkeeping Requirements

DOS is awaiting final regulations before issuing guidance on GLBA Section 204. Information Sharing. Section 204 requires federal banking regulatory agencies, after consultation with the SEC, to establish recordkeeping requirements for banks relying on the exceptions from the definitions of broker and dealer contained in Section 201. Definition of Broker, and Section 202. Definition of Dealer. These recordkeeping requirements must be sufficient to demonstrate compliance with the terms of the exceptions. The resultant records are to be made available to the SEC upon request.

The SEC published interim final rules for Section 201 and Section 202, effective May 11, 2001, in response to the legislatively imposed implementation date of May 12, 2001. The SEC is not enforcing the interim final rules and plans to reissue proposed rules for public comment. The eventual implementation date for final rules is uncertain. The FDIC and other banking regulatory agencies are coordinating with the SEC to issue regulations for Section 204. Information Sharing, at or near the time when the SEC issues final regulations for Section 201 and Section 202. DOS cannot issue detailed guidance on Section 204 until final regulations are issued. Because banks have not been asked by the SEC to comply with Section 201 and Section 202 until final regulations are issued, the lack of DOS guidance has no effect.

Recommendation

We recommend that the Director, DOS:

(2) Expedite comprehensive revisions of Manual of Examination Policies Section 4.3 "Related Organizations" and the Supplemental ED Module, "Related Organizations," to address relevant sections and provisions of GLBA.

DOS INTERNAL DATABASES

DOS headquarters has not been identifying banks that are directly or indirectly engaged in GLBA-affected activities. Several internal databases used by DOS to describe bank and holding company structure information do not identify GLBA-related entities such as financial holding companies and financial subsidiaries. The DOS databases for bank and holding company structure information also do not include nonbank affiliates such as insurance companies and securities firms. Absent this data, examiners may not be able to fully assess the overall extent of GLBA-related activity, identify potential risks related to transactions between banks and their financial services affiliates, and, consistent with the premise of functional regulation, coordinate with primary regulators overseeing financial activities corresponding to their areas of expertise.

The bank recordkeeping requirements in Section 204. Information Sharing, could identify banks engaged in securities-related activities that are exempted from SEC oversight. This information would be of help in examinations and for coordinating with the SEC. The impact of GLBA Section 204. Information Sharing, on DOS information systems should be planned for. Without planning, delays in coordination with other FDIC Divisions and in obtaining the necessary budget authorization could result.

Case Administration System, ViSION, and SIMS Databases Should Be Revised to Add Fields for Financial Holding Companies

As part of our audit procedures, we reviewed the Case Administration System, Virtual Supervisory Information On the Net (ViSION), and Structure Information Management System (SIMS) databases maintained and used in-house by DOS to determine whether they identify certain GLBA newly-authorized entities:

• Financial holding companies. GLBA authorizes a bank holding company to elect to become a financial holding company.
• Financial subsidiaries. GLBA authorizes state nonmember banks to hold an interest in this new type of subsidiary.
• Separately identifiable departments. GLBA gives banks the option of conducting investment advisory services through a "separately identifiable department."

Our review determined that the Case Administration System and ViSION do not have fields to identify financial holding companies, financial subsidiaries, or separately identifiable departments. SIMS does not have a field to identify financial holding companies. (Because it is intended to identify a bank’s branch system, SIMS does not otherwise identify bank internal structure or subsidiaries.)

As of December 31, 2001, bank holding companies of 480 of 4,971 state nonmember banks had elected to become financial holding companies. As of December 31, 2001, there was one financial subsidiary and one separately identifiable department. In conjunction with other revisions to the software programs, DOS internal databases should be revised to add fields for financial holding companies. The databases should be revised to identify financial subsidiaries and separately identifiable departments depending on whether and when they become more numerous.

Our review of DOS databases also included the ViSION Application Tracking System (ViSION AT). FDIC Regulations Part 362.E. requires banks to notify the FDIC if they start or acquire a financial subsidiary. DOS should keep records of these notifications in ViSION AT. We determined that ViSION AT does not have a field for recording bank notifications of financial subsidiaries and that, for the time being, any such notices received are to be entered into another ViSION AT field intended for other purposes. DOS plans to add a field for financial subsidiary notifications to ViSION AT as part of a more comprehensive revision.

Changes to Information Systems Based on Rules and Regulations for Section 204. Information Sharing, Should Be Anticipated

After the SEC promulgates final rules for GLBA Section 201. Definition of Broker and Section 202. Definition of Dealer, both of which replace the broad exemption banks had from SEC regulation with more limited exemptions, the FDIC will issue rules for Section 204. Information Sharing, which requires federal banking agencies to establish recordkeeping requirements for banks relying on the limited exemptions contained in Section 201 and Section 202. If this information is not contained in DOS’s internal databases, its ability to identify banks engaged in certain types of securities-related activities will be impacted. Early analysis of GLBA Section 204’s impact on DOS information systems is important because of the time requirements for coordinating with the Division of Information Resources Management and the need to budget project funds in order to accomplish system modifications.

Recommendations

The Director, DOS, should:

(3) In conjunction with other revisions to the software programs, revise the Case Administration System, ViSION, and SIMS databases to add fields for financial holding companies.

(4) Based on rules and regulations for Section 204. Information Sharing, plan for changes to information systems in order to identify banks engaged in activities exempted from SEC regulation.

CORPORATION COMMENTS AND OIG EVALUATION

On July 22, 2002, the Director of DSC provided a written response to the draft report. The response is presented in Appendix VI to this report. We also had subsequent discussions with DSC staff to clarify aspects of the written response. In addition, because portions of the report mentioned activities of the Securities and Exchange Commission (SEC), we provided a copy of the draft to the SEC for review. SEC’s response is presented in Appendix VII and the Commission had no comments.

Prior to responding to each of the report’s four recommendations, DSC stated in its response, "We anticipate that your final report will clarify that the FDIC is in compliance with all portions of GLBA that required action by the FDIC such as rulemaking or establishing procedures and that the exceptions noted in your report are considered technical in nature and should not impact the safety and soundness examination of any institution."

As described in Appendix I, our audit objectives, scope, and methodology do not provide for an overall conclusion on whether the FDIC is in compliance with all portions of GLBA. The audit objectives addressed DOS’s coordination with other regulatory agencies, updates of policies and procedures, and identification of banks engaged in GLBA activities. The audit procedures were limited to GLBA Titles I, II, and III, Subtitle A. Overall assessments of whether the reported exceptions are "technical in nature" and might "impact the safety and soundness examination of any institution" are also beyond the scope of this audit. However, throughout the report we acknowledge DOS’s many accomplishments in implementing GLBA provisions.

DSC concurred with each of our four recommendations. A summary of each recommendation and DSC’s comments follows:

Recommendation 1: In conjunction with the Legal Division and the SEC, develop procedures for information sharing consistent with GLBA Section 115. Examination of Investment Companies, Section 217. Removal of the Exclusion from the Definition of Investment Adviser for Banks that Advise Investment Companies, Section 220. Interagency Consultation, and Section 222. Statutory Disqualification for Bank Wrongdoing.

DSC management concurred with the recommendation. The FDIC has actively attempted to establish a revised Memorandum of Understanding (MOU) with the SEC but the SEC has devoted its resources elsewhere and is formulating targeted MOUs where necessary. In DSC’s opinion, the cited sections are "self-executing" and do not mandate any action or are under the jurisdiction of the SEC. DSC’s view is that the information sharing requirements and accompanying procedures have been addressed in great detail in the revised Trust Manual. According to DSC, there have been no instances where the revised trust examination procedures have been shown to be inadequate.

DSC’s effort to revise the existing 1987 MOU would suggest their belief that an update is necessary. The value of the MOU is to establish procedures for the exchange of information between the SEC and FDIC. The information sharing requirements have been addressed in the revised Trust Manual but the procedures should be established and explained in an agreement or other guidance to the staff. Also, as stated in the audit report, some of the affected activities might occur outside of a bank’s trust department.

In subsequent discussions, DSC staff stated that they are constrained from taking further action on this recommendation pending further action by the SEC. However, there might be alternative actions available, such as DSC issuing staff guidance on information sharing procedures unilaterally or elevating the issue to a higher level of management within the FDIC for resolution. DSC management should reconsider its response and reply within 30 days of the issuance of this report.

This recommendation is unresolved, undispositioned, and open.

Recommendation 2: Expedite comprehensive revisions of Manual of Examination Policies Section 4.3 "Related Organizations" and the Supplemental ED Module, "Related Organizations," to address relevant sections and provisions of GLBA.

DSC management concurred with the recommendation. According to DSC, most of the items cited under this finding have already been addressed in revisions to DSC’s policies and procedures. Each item is specifically addressed as follows:

• DOS Policies and Procedures on "Related Organizations"

DSC management states that DOS Manual of Examination Policies Section 4.3 entitled "Related Organizations" was updated February 2002 to include GLBA-related guidance. A decision has been made to update the supplemental ED module on "Related Organizations" when issues related to FRB proposed Regulation W concerning Federal Reserve Act (FRA) Section 23A and Section 23B are settled.

On May 7, 2002 we were informed that the revised Section 4.3 "Related Organizations" was "in printing." As of July 31, 2002 the revised Section 4.3 was not included in the Manual of Examination Policies on DSC’s website.

The supplemental ED module on "Related Organizations" contains substantial guidance on matters other than FRA §23A and §23B and DSC did not provide a timeframe for when issues related to FRB proposed Regulation W will be settled.

• GLBA Section 107. Cross Marketing Restriction; Limited Purpose Bank Relief; Divestiture

DSC states that this has been addressed in the Manual of Examination Policies Section 4.3 "Related Organizations" revision.

• Amended Bank Holding Company Act Section 4(n) "Authority to retain limited nonfinancial activities and affiliations," and Section 4(o) "Regulation of certain financial holding companies"

In consultation with the Legal Division, DSC states that any guidance related to this area should come from the FRB and not the FDIC. In subsequent discussions, however, DSC staff indicated that guidance would be issued pending further action by the FRB.

Our recommendation was that Section 4.3 "Related Organizations" identify GLBA’s authorization of "companies that are not bank holding companies or foreign banks" to become financial holding companies and related restrictions pertaining to cross marketing products and covered transactions with depository institutions. We were not recommending the type of interpretive guidance cited in DSC’s response.

• GLBA Section 121(b) "Sections 23A and 23B of the Federal Reserve Act"

DSC states that it has chosen not to issue interpretive guidance on FRA Section 23A and Section 23B coverage of financial subsidiaries until outstanding issues are resolved with the FRB related to proposed Regulation W affecting transactions between banks and their affiliates. DSC did not provide a timeframe for when issues related to FRB proposed Regulation W will be settled.

Again, we were not recommending the type of interpretive guidance cited in DSC’s response. Section 4.3 "Related Organizations" guidance on financial subsidiaries could cite the exceptions and special provisions of GLBA Section 121(b) - specifically, amendments to FRA Section 23A(e)(3) Exceptions for Transactions with Financial Subsidiaries and Section 23A(e)(4) Anti-Evasion Provision, which address investments in, and extensions of credit to, financial subsidiaries by bank affiliates.

• DOS Examination Guidance on Bank Recordkeeping Requirements

DSC is awaiting final regulations from the SEC before issuing guidance on GLBA Section 204. Information Sharing. (The report makes no recommendation concerning this matter.)

DSC management should reconsider its response and reply within 30 days of the issuance of this report. The reply should provide a timeframe for when issues related to FRB proposed Regulation W and FRA Section 23A and Section 23B will be settled. If the timeframe is unknown or uncertain, then issuance of GLBA-related guidance in the supplemental ED module on "Related Organizations" should be considered. The reply should address when revised Section 4.3 "Related Organizations" will be included in the Manual of Examination Policies on DSC’s website. DSC should address in the reply its reconsideration of whether GLBA’s authorization of "companies that are not bank holding companies or foreign banks" to become financial holding companies and related restrictions pertaining to cross marketing products and covered transactions with depository institutions should be described in the manual. Finally, the reply should address management’s reconsideration of whether guidance on financial subsidiaries could cite the exceptions and special provisions in GLBA Section 121(b).

This recommendation is unresolved, undispositioned, and open.

Recommendation 3: In conjunction with other revisions to the software programs, revise the Case Administration System, ViSION, and SIMS databases to add fields for financial holding companies.

DSC management concurred with the recommendation. DSC stated that the Case Administration System is being converted to become the Case Administration module in ViSION. The new Case Administration module in ViSION will identify information about financial holding company operations in the fourth quarter of 2002.

On June 30, 2002, SIMS was transferred to the Division of Insurance and Research. A modification to SIMS that will, among other things, identify financial holding companies, is planned for the fourth quarter of 2002.

This recommendation is resolved, undispositioned, and open.

Recommendation 4: Based on rules and regulations for Section 204. Information Sharing, plan for changes to information systems in order to identify banks engaged in activities exempted from SEC regulation.

DSC management concurred with the recommendation. DSC states that changes to information systems for Section 204. Information Sharing will be included in the Specialty Examination Tracking System which is planned for revision in 2003. However, in subsequent discussions DSC said the changes cannot be made until the SEC issues final regulations for Section 201. Definition of Broker and Section 202. Definition of Dealer and the date of those final regulations is uncertain.

Because of the time requirements for coordinating with the Division of Information Resources Management and the need to budget project funds in order to accomplish system modifications, DSC management should reconsider its response and reply within 30 days of the issuance of this report. In its reply, management should address whether the identification of individual depository institution exemptions from broker and dealer requirements, as provided for in §201 and §202, could be achieved based upon a reading of the law and absent final SEC regulations.

This recommendation is unresolved, undispositioned, and open.

OBJECTIVES, SCOPE, AND METHODOLOGY

The audit addressed DOS implementation of GLBA provisions that authorize new affiliations among banks, securities firms, insurance companies, and other financial services providers, or that modify regulatory agency authorities. Of GLBA’s seven titles, we focused on the provisions of three that we determined were most relevant: Title I – Facilitating Affiliation Among Banks, Securities Firms, and Insurance Companies; Title II – Functional Regulation; and Title III – Insurance, Subtitle A – State Regulation of Insurance.

The audit objectives were to determine whether: (1) DOS has established coordination arrangements for GLBA activities with other regulatory agencies; (2) DOS policies and procedures have been updated to address the restrictions and safeguards in GLBA; and (3) DOS is identifying banks that are directly or indirectly engaged in GLBA activities. The audit focused on DOS headquarters and did not extend to regional office and examiner activities.

We reviewed GLBA to identify: financial activities and affiliations authorized by the legislation; requirements or qualifications to engage in the financial activities; limitations on transactions and other relations between state nonmember banks and their holding companies, affiliates and subsidiaries; authorities specifically granted to the FDIC to examine and regulate; and provisions requiring the FDIC to coordinate with other regulatory agencies. We assessed GLBA sections meeting any of these criteria to determine whether DOS should address them and then reviewed applicable DOS guidance, including RD Memos, ED Modules, the Manual of Examination Policies, and the Trust Examination Manual.

We analyzed databases used by DOS for bank and holding company structure information to determine if they identify GLBA-authorized entities (i.e. financial holding companies, financial subsidiaries, and ‘separately identifiable departments’). We reviewed the Case Administration System, Virtual Supervisory Information On the Net (ViSION), and Structure Information Management System (SIMS). We also analyzed ViSION Application Tracking System (ViSION AT) which, among other things, is to record bank notifications of starting or acquiring financial subsidiaries.

We identified Consolidated Reports of Condition and Income (Call Report) schedules providing evidence of GLBA-related activities and then obtained Call Report data to assess the extent of such activity. We reviewed various Federal Reserve System regulatory reports and obtained Federal Reserve System data on bank holding companies to determine how many state nonmember bank holding companies have elected to become financial holding companies.

We reviewed articles and speeches concerning GLBA and its effect on the financial services industry. We analyzed relevant FDIC rules and regulations and DOS policies and procedures (both draft and final). We evaluated the "Gramm-Leach-Bliley Act Corporate Project List" maintained by the FDIC Legal Division to monitor the status of FDIC actions addressing sections of the law and interviewed DOS and Legal Division management and staff in Washington.

The limited nature of the audit objectives did not require assessing internal management controls. We did not (1) test internal controls, (2) review Government Performance and Results Act reporting, (3) test for fraud or illegal acts, (4) test for compliance with laws and regulations, or (5) determine the reliability of computer-processed data obtained from the FDIC’s computerized systems.

Fieldwork was performed from May 2001 through April 2002. The audit was conducted in accordance with generally accepted government auditing standards.

GLBA TABLE OF CONTENTS

Public Law 106—102
106th Congress

Nov. 12, 1999 [S. 900]

Gramm-Leach- Bliley Act. Inter- governmental relations. 12 USC 1811 note.

An Act

To enhance competition in the financial services industry by providing a prudential framework for the affiliation of banks, securities firms, insurance companies, and other financial service providers, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

(a) SHORT TITLE.—This Act may be cited as the "Gramm-Leach-Bliley Act".
(b) TABLE OF CONTENTS.—The table of contents for this Act is as follows:

Sec. 1. Short title; table of contents.

TITLE I—FACILITATING AFFILIATION AMONG BANKS, SECURITIES FIRMS, AND INSURANCE COMPANIES

Subtitle A—Affiliations

Sec. 101. Glass-Steagall Act repeals.
Sec. 102. Activity restrictions applicable to bank holding companies that are not financial holding companies.
Sec. 103. Financial activities.
Sec. 104. Operation of State law.
Sec. 105. Mutual bank holding companies authorized.
Sec. 106. Prohibition on deposit production offices.
Sec. 107. Cross marketing restriction; limited purpose bank relief; divestiture.
Sec. 108. Use of subordinated debt to protect financial system and deposit funds from "too big to fail" institutions.
Sec. 109. Study of financial modernization’s effect on the accessibility of small business and farm loans.

Subtitle B—Streamlining Supervision of Bank Holding Companies

Sec. 111. Streamlining bank holding company supervision.
Sec. 112. Authority of State insurance regulator and Securities and Exchange Commission.
Sec. 113. Role of the Board of Governors of the Federal Reserve System.
Sec. 114. Prudential safeguards.
Sec. 115. Examination of investment companies.
Sec. 116. Elimination of application requirement for financial holding companies.
Sec. 117. Preserving the integrity of FDIC resources.
Sec. 118. Repeal of savings bank provisions in the Bank Holding Company Act of 1956.
Sec. 119. Technical amendment.

Subtitle C—Subsidiaries of National Banks

Sec. 121. Subsidiaries of national banks.
Sec. 122. Consideration of merchant banking activities by financial subsidiaries.

Subtitle D—Preservation of FTC Authority

Sec. 131. Amendment to the Bank Holding Company Act of 1956 to modify notification and post-approval waiting period for section 3 transactions.
Sec. 132. Interagency data sharing.

PUBLIC LAW 106—102—NOV. 12, 1999 113 STAT. 1339

Sec. 133. Clarification of status of subsidiaries and affiliates.

Subtitle E—Natjonal Treatment

Sec. 141. Foreign banks that are financial holding companies.
Sec. 142. Representative offices.

Subtitle F—Direct Activities of Banks

Sec. 151. Authority of national banks to underwrite certain municipal bonds.

Subtitle G—Effective Date

Sec. 161. Effective date.

TITLE II—FUNCTIONAL REGULATION

Subtitle A—Brokers and Dealers

Sec. 201. Definition of broker.
Sec. 202. Definition of dealer.
Sec. 203. Registration for sales of private securities offerings.
Sec. 204. Information sharing.
Sec. 205. Treatment of new hybrid products.
Sec. 206. Definition of identified banking product.
Sec. 207. Additional definitions.
Sec. 208. Government securities defined.
Sec. 209. Effective date.
Sec. 210. Rule of construction.

Subtitle B—Bank Investment Company Activities

Sec. 211. Custody of investment company assets by affiliated bank.
Sec. 212. Lending to an affiliated investment company.
Sec. 213. Independent directors.
Sec. 214. Additional SEC disclosure authority.
Sec. 215. Definition of broker under the Investment Company Act of 1940.
Sec. 216. Definition of dealer under the Investment Company Act of 1940.
Sec. 217. Removal of the exclusion from the definition of investment adviser for banks that advise investment companies.
Sec. 218. Definition of broker under the Investment Advisers Act of 1940.
Sec. 219. Definition of dealer under the Investment Advisers Act of 1940.
Sec. 220. Interagency consultation.
Sec. 221. Treatment of bank common trust funds.
Sec. 222. Statutory disqualification for bank wrongdoing.
Sec. 223. Conforming change in definition.
Sec. 224. Conforming amendment.
Sec. 225. Effective date.

Subtitle C—Securities and Exchange Commission Supervision of Investment Bank Holding Companies

Sec. 231. Supervision of investment bank holding companies by the Securities and Exchange Commission.

Subtitle D—Banks and Bank Holding Companies

Sec. 241. Consultation.

TITLE III—INSURANCE

Subtitle A—State Regulation of Insurance

Sec. 301. Functional regulation of insurance.
Sec. 302. Insurance underwriting in national banks.
Sec. 303. Title insurance activities of national banks and their affiliates.
Sec. 304. Expedited and equalized dispute resolution for Federal regulators.
Sec. 305. Insurance customer protections.
Sec. 306. Certain State affiliation laws preempted for insurance companies and affiliates.
Sec. 307. Interagency consultation.
Sec. 308. Definition of State.

Subtitle B—Redomestication of Mutual Insurers

Sec. 311. General application.
Sec. 312. Redomestication of mutual insurers.
Sec. 313. Effect on State laws restricting redomestication.
Sec. 314. Other provisions.

113 STAT. 1340 PUBLIC LAW 106—102—NOV. 12, 1999

Sec. 315. Definitions.
Sec. 316. Effective date.

Subtitle C—National Association of Registered Agents and Brokers

Sec. 321. State flexibility in multistate licensing reforms.
Sec. 322. National Association of Registered Agents and Brokers.
Sec. 323. Purpose.
Sec. 324. Relationship to the Federal Government.
Sec. 325. Membership.
Sec. 326. Board of directors.
Sec. 327. Officers.
Sec. 328. Bylaws, rules, and disciplinary action.
Sec. 329. Assessments.
Sec. 330. Functions of the NAIC.
Sec. 331. Liability of the association and the directors, officers, and employees of the association.
Sec. 332. Elimination of NAIC oversight.
Sec. 333. Relationship to State law.
Sec. 334. Coordination with other regulators.
Sec. 335. Judicial review.
Sec. 336. Definitions.

Subtitle D—Rental Car Agency Insurance Activities

Sec. 341. Standard of regulation for motor vehicle rentals.

TITLE IV—UNITAJW SAVINGS AND LOAN HOLDING COMPANIES

Sec. 401. Prevention of creation of new S&L holding companies with commercial affiliates.

TITLE V—PRIVACY

Subtitle A—Disclosure of Nonpublic Personal Information

Sec. 501. Protection of nonpublic personal information.
Sec. 502. Obligations with respect to disclosures of personal information.
Sec. 503. Disclosure of institution privacy policy.
Sec. 504. Rulemaking.
Sec. 505. Enforcement.
Sec. 506. Protection of Fair Credit Reporting Act.
Sec. 507. Relation to State laws.
Sec. 508. Study of information sharing among financial affiliates.
Sec. 509. Definitions.
Sec. 510. Effective date.

Subtitle B—Fraudulent Access to Financial Information

Sec. 521. Privacy protection for customer information of financial institutions.
Sec. 522. Administrative enforcement.
Sec. 523. Criminal penalty.
Sec. 524. Relation to State laws.
Sec. 525. Agency guidance.
Sec. 526. Reports.
Sec. 527. Definitions.

TITLE VI—FEDERAL HOME LOAN BANK SYSTEM MODERNIZATION

Sec. 601. Short title.
Sec. 602. Definitions.
Sec. 603. Savings association membership.
Sec. 604. Advances to members; collateral.
Sec. 605. Eligibility criteria.
Sec. 606. Management of banks.
Sec. 607. Resolution Funding Corporation.
Sec. 608. Capital structure of Federal home loan banks.

TITLE VII—OTHER PROVISIONS

Subtitle A—ATM Fee Reform

Sec. 701. Short title.
Sec. 702. Electronic fund transfer fee disclosures at any host ATM.
Sec. 703. Disclosure of possible fees to consumers when ATM card is issued.
Sec. 704. Feasibility study.
Sec. 705. No liability if posted notices are damaged.

PUBLIC LAW 106—102—NOV. 12, 1999 113 STAT. 1341

Subtitle B—Community Reinvestment

Sec. 711. CRA sunshine requirements.
Sec. 712. Small bank regulatory relief.
Sec. 713. Federal Reserve Board study of CRA lending.
Sec. 714. Preserving the Community Reinvestment Act of 1977.
Sec. 715. Responsiveness to community needs for financial services.

Subtitle C—Other Regulatory Improvements

Sec. 721. Expanded small bank access to S corporation treatment.
Sec. 722. "P rain language" requirement for Federal banking agency rules.
Sec. 723. Retention of "Federal" in name of converted Federal savings association.
Sec. 724. Control of bankers’ banks.
Sec. 725. Provision of technical assistance to microenterprises.
Sec. 726. Federal Reserve audits.
Sec. 727. Authorization to release reports.
Sec. 728. General Accounting Office study of conflicts of interest.
Sec. 729. Study and report on adapting existing legislative requirements to online banking and lending.
Sec. 730. Clarification of source of strength doctrine.
Sec. 731. Interest rates and other charges at interstate branches.
Sec. 732. Interstate branches and agencies of foreign banks.
Sec. 733. Fair treatment of women by financial advisers.
Sec. 734. Membership of loan guarantee boards.
Sec. 735. Repeal of stock loan limit in Federal Reserve Act.
Sec. 736. Elimination of SAIF and DIF special reserves.
Sec. 737. Bank officers and directors as officers and directors of public utilities.
Sec. 738. Approval for purchases of securities.
Sec. 739. Optional conversion of Federal savings associations.
Sec. 740. Grand jury proceedings.

Consolidated Reports of Condition and Income (Call Report) Schedule RI – Income Statement, line item 5. Noninterest Income, includes various income-producing activities that might be affected by GLBA.

Call Report data for the quarter ended December 31, 2001 identified the following numbers of state nonmember banks reporting these various types of noninterest income:

Table: State Nonmember Banks Reporting Various Types of Noninterest Income

GLBA sections that might affect these activities are listed under "Relevant GLBA Sections." The titles of the relevant GLBA sections are:

Section 121. Subsidiaries of National Banks
Section 201. Definition of Broker
Section 202. Definition of Dealer
Section 204. Information Sharing
Section 205. Treatment of New Hybrid Products
Section 211. Custody of Investment Company Assets by Affiliated Bank
Section 221. Treatment of Bank Common Trust Funds
Section 222. Disqualification for Bank Wrongdoing
Section 301. Functional Regulation of Insurance
Section 305. Insurance Customer Protections
Section 307. Interagency Consultation

For certain GLBA sections, having an effect on bank activity is probable. Sections 201 and 202 are relevant because they relate to all bank securities activities – specifically, whether banks must register with the SEC as brokers or dealers for such activities, with a resultant determination of regulatory authority. Section 204 establishes record-keeping requirements in support of bank exemptions from having to register with the SEC as brokers or dealers.

Section 301 provides that states (as opposed to the banking agencies) are the functional regulators of insurance. Section 305 establishes insurance customer protections. Section 307 requires that banking agencies and state insurance regulators share supervisory information concerning bank insurance activities.

Sections 201, 202, 204, 301, 305 and 307 do not authorize new activities but relate to most, if not all, state nonmember bank security and insurance activities.

Due to its nondescript nature, it could not be determined whether "Other Noninterest Income" might or might not be affected by GLBA. However, it is worth noting that 4,908 or 99 percent of state nonmember banks reported $8.5 billion in revenues under this category.

The data show that substantial numbers of state nonmember banks are involved in financial activities affected by GLBA. This activity is both ‘in-house’ and includes subsidiaries. GLBA’s effect on financial holding companies, bank holding companies, and other bank affiliates is not included.

Table 1: Title I - Facilitating Affiliation Among Banks, Securities Firms, and Insurance Companies

Table 2: Title II - Functional Regulation

Table 3: Title III - Insurance

Table 4: Title IV - Unitary Savings and Loan Holding Companies

Table 5: Title V - Privacy

Table 6: Title VI - Federal Home Loan Bank System Modernization

Table 7: Title VII - Other Provisions

Table 8: Total Count of Items in Tables 1 Through 7 Regarding the Status of Items on the FDIC "GLBA Corporate Project List"

DOS GUIDANCE ON GLBA SECTIONS THAT REQUIRE CHANGES TO EXAMINATION POLICIES AND PROCEDURES (as of November 30, 2001)

We identified the following GLBA Sections as requiring changes or additions to DOS examination policies and procedures. (Note: Only GLBA sections requiring DOS guidance for examiners are included in this analysis. Additional GLBA sections were included in the audit procedures.) The date the guidance was issued is listed under the type of guidance (i.e., Regional Directors Memorandum (RD Memo), Examination Documentation Module (ED Module), Manual of Examination Policies (Exam Manual), and Trust Examination Manual (Trust Manual)). This chart is intended to show guidance that has been issued, not what remains to be done. Not all columns are applicable for each GLBA section listed.

Table 1: Title I – Facilitating Affiliation Among Banks, Securities Firms, and Insurance Companies

Table 2: Title II – Functional Regulation

Table 3: Title III – Insurance, Subtitle A – State Regulation of Insurance

CORPORATION COMMENTS

Federal Deposit Insurance Corporation
Washington, DC 20429
Division of Supervision and Consumer Protection

July 22, 2002

MEMORANDUM TO: Stephen M. Beard, Deputy Assistant Inspector General for Audits

FROM: Michael J. Zamorski [Electronically produced version; original signed by Michael J. Zamorski], Director, Division of Supervision and Consumer Protection

SUBJECT: Draft Report Entitled Division of Supervision Implementation of Gramm-Leach-Bliley Act ("GLBA") Provisions (Assignment Number 00-8 13)

Thank you for the opportunity to respond to the draft report entitled Division of Supervision Implementation of Gramm-Leach-Bliley Act Provisions ("draft report"). We anticipate that your final report will clarify that the FDIC is in compliance with all portions of GLBA that required action by the FDIC such as rulemaking or establishing procedures and that the exceptions noted in your report are considered technical in nature and should not impact the safety and soundness examination of any institution.

Following are your four recommendations along with our position on each and proposed plans of action, if appropriate.

1. In conjunction with legal Division and the Securities and Exchange Commission (SEC), develop procedures for information sharing consistent with GLBA Section 115. Examination of Investment Companies, Section 217. Removal of the Exclusion from the Definition of Investment Adviser for Banks that Advise Investment Companies, Section 220. Interagency Consultation, and Section 222. Statutory Disqualification for Bank Wrongdoing.

GLBA Sections 115, 217 and 222 are self-executing and do not involve any mandated action by the SEC or the federal banking agencies. Moreover, sections 217 and 222 involve amendments to the Investment Advisers Act and the Investment Company Act, respectively, for which the SEC has jurisdiction. GLBA section 220 does not mandate any action by the federal banking agencies, unless the agencies receive a request from the SEC.

The information sharing requirements and accompanying procedures of the sections noted above have been addressed in great detail in the revised Trust Manual. There have been no specific instances identified where the revised trust examination procedures have been shown to be inadequate.

Your report indicates that the agreement dated June 17, 1987 establishing procedures for the FDIC to access the SEC’s nonpublic information has not been updated post-GLBA. The FDIC has actively attempted to establish a revised Memorandum of Understanding (MOU) with the SEC. As of this date, the SEC has devoted its resources elsewhere and is formulating targeted MOUs where necessary. For example the SEC has established an MOU with the Federal Reserve that deals exclusively with one large institution.

2. Expedite comprehensive revisions of the Manual of Examination Policies, Section 4.3 "Related Organizations" and the Supplemental Examination Documentation (ED) Module, "Related Organizations," to address relevant sections and provisions of GLBA.

We are happy to report that most of the items cited have already been included in the latest DOS Manual of Examination Policies revision dated April, 2002 and in the most recent ED module revisions effective August, 2001 and February, 2002. Details follow:

• DSC Policies and Procedures on "Related Organizations"

While we agree that it is necessary to include this information in the applicable manuals, we disagree with the statement that by not updating these procedures "examination staff have lacked comprehensive guidance on examining GLBA’s impact on bank affiliates." This guidance was already transmitted to the examiners in various regional directives. The fact that it was not yet included in the DOS Manual of Examination Policies does not mean that no guidance was previously issued.

Section 4.3 of the DOS Manual of Examination Policies entitled "Related Organizations" was updated February, 2002 and includes updated guidance on bank holding companies, financial holding companies, functional regulation issues and other affiliates post-GLBA.

The Risk-scoping ED module was revised August, 2001 to reflect functional regulation issues. The Related Organization supplemental ED module will be revised once 23A and 23B are updated and the issues mentioned later on in this document are settled. A reasoned and purposeful decision was made not to update the supplemental ED module entitled "Related Organizations" at this time.

• Amended Bank Holding Company Act Section 4(n) "Authority to retain limited non-financial activities and affiliations," and Section 4(o) "Regulation of certain financial holding companies." [Cross-Marketing restrictions]

In consultation with the Legal Division, we offer the following response for this item.

The cross-marketing restrictions in Section 103 constitute amendments to the BHCA (Section 4(n)(5) of the BHCA) not the FDI Act or the National Bank Act. The Federal Reserve Board (FRB) is the primary Federal regulator of bank holding companies and financial holding companies and should provide guidance on the application of this section. In fact, the FRB has already provided guidance on these cross-marketing restrictions within the context of the FRB’s merchant banking activities rule — 12 CFR Section 225.176.

Only the FRB has been delegated with discretion to remove the cross-marketing prohibitions for the "marketing of products or services through statement inserts or Internet websites." (See Section 4(n)(5)(B) of the BHCA.) This delegation may be exercised by the FRB in the event that the following two conditions are met:

(1) such arrangement does not violate section 106 of the Bank Holding Company Act Amendments of 1970 (which involve anti-tying restrictions); and

(2) the FRB determines that the arrangement is in the public interest, does not undermine the separation of banking and commerce, and is consistent with the safety and soundness of depository institutions.

Again, these are decisions to be made by the FRB, not the FDIC and thus any guidance in this area should come from it.

• GLBA Section 107 Cross Marketing Restriction; Limited Purpose Bank Relief; Divestiture

This was addressed in the DOS Manual of Examination Policies revision on pages 4.3-4 and 4-3-14.

• GLBA Section 121(b) "Sections 23A and 23B of the Federal Reserve Act."

As stated in the draft report, the Division of Supervision and Consumer Protection (DSC) issued specific guidance on changes to sections 23A and 23B relating to financial subsidiaries in a memorandum dated June 26, 2000. This guidance has been replaced by updated information contained in the DOS Manual of Examination Policies issued in February, 2002.

The draft report states that the DSC has not updated guidance on the changes to sections 23A and 23B because the appendix from the June 26, 2000 memorandum was dropped when the memorandum was updated on November 15, 2001. Restatement of the statutory provisions was unnecessary because the revised statute was at that time and continues to be in the FDIC’s publication of laws, regulations and related acts distributed to all examination personnel.

The DSC has chosen not to elaborate on sections 23A and 23B coverage of financial subsidiaries due to outstanding issues with the Federal Reserve Board who have issued a proposed Regulation W re: Transactions between Banks and their Affiliates. The FDIC commented on this proposal on August 15, 2001 in a letter signed by Acting Chairman John Reich. This letter states, "We have significant concerns regarding the proposal's treatment of financial subsidiaries." The letter goes on to express our concerns about potential coverage of section 24 subsidiaries and activities that are conducted not "as principal."

With such controversial issues still outstanding between the FDIC and the Federal Reserve Board, the DSC believes that it is unwise to issue interpretive guidance on 23A and 23B coverage of financial subsidiaries to its field staff until such issues are resolved.

• DSC Examination Guidance on Bank Recordkeeping Requirements

As mentioned in the draft audit report, DSC is awaiting final regulations before issuing guidance on GLBA Section 204 Information Sharing.

3. In connection with other revisions to the software programs, revise the Case Administration System, ViSION, and SIMS databases to add fields for financial holding companies.

Bank holding companies must apply to the Federal Reserve Board in order to become Financial Holding Companies. The FDIC receives holding company data, both bank and financial, on a weekly basis from the Federal Reserve and maintains a copy of the database on the FDIC mainframe computer. FDIC analysts can identify financial holding companies and their organizational components by querying the data base, however, at the present time DSC information systems are not programmed to display the financial holding company designation.

This situation will change later this year when the Case Administration module of the Virtual Supervisory Information On the Net (ViSION) system comes on-line. The new module is scheduled to be released in November 2002. At that time all authorized users of the ViSION Information Workstation will be able to easily identify and display relevant information about financial holding company operations.

4. Based on rules and regulations for Section 204. Information Sharing, plan for changes to information systems in order to identify banks engaged in activities exempted from SEC regulation.

In 2003, the ViSION project plans to revise the Specialty Examination Tracking System (SETS) which includes supervisory information about trust, investment and securities related activities of insured banks. The first phase in developing the new SETS module will include a comprehensive review of the regulatory and business requirements of the new system. GLBA Section 204 requirements as well as any others will be considered at that time and included in the design specifications of the revised SETS module.

SECURITIES AND EXCHANGE COMMISSION COMMENTS

[Description of image: Seal of the U.S. Securities and Exchange Commission]

UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
OFFICE OF COMPLIANCE
INSPECTIONS AND EXAMINATIONS

July 16, 2002

Stephen M. Beard
Deputy Assistant Inspector General for Audits
FDIC Office of Inspector General
Room 1067
801 17th Street, N.W.
Washington, DC 20434

Dear Mr. Beard:

Thank you for the advance draft report of the FDIC Inspector General entitled, "Division of Supervision Implementation of Gramm-Leach-Bliley Act Provisions" to the Federal Deposit.Insurance Corporation.

We have no comments on the draft report.

Very truly yours,

Lori A. Richards [Electronically produced version; original signed by Lori A. Richards]
Director