The purpose of this part is to set forth minimum requirements for a record retention program for each regulated entity and the Office of Finance. The requirements are intended to further prudent management as well as to ensure that complete and accurate records of each regulated entity and the Office of Finance are readily accessible to FHFA.

For purposes of this part, the term—

Electronic record means a record created, generated, communicated, or stored by electronic means.

E-mail means a document created or received on a computer network for transmitting messages electronically, and any attachments which may be transmitted with the document.

Employee means any officer or employee of a regulated entity or the Office of Finance.

Record means any information, whether generated internally or received from outside sources by a regulated entity or the Office of Finance, related to the conduct of the business of a regulated entity or the Office of Finance (which business, in the case of the Office of Finance, shall include any functions performed with respect to the Financing Corporation) or to legal or regulatory requirements, regardless of the following—

(1) Form or format, including hard copy documents (e.g., files, logs, and reports), electronic documents (e.g., e-mail, databases, spreadsheets, PowerPoint presentations, electronic reporting systems, electronic tapes and back-up tapes, optical discs, CD-ROMS, and DVDs), and voicemail or recorded telephone line records;

(2) Where the information is stored or located, including network servers, desktop or laptop computers and handheld computers, other wireless devices with text messaging capabilities, and on-site or off-site at a storage facility;

(3) Whether the information is maintained or used on regulated entity or Office of Finance equipment, or on personal or home computer systems of an employee; or

(4) Whether the information is active or inactive.

Record hold means a requirement, an order, or a directive from a regulated entity, the Office of Finance, or FHFA that the regulated entity or the Office of Finance is to retain records relating to a particular issue in connection with an actual or a potential FHFA examination, investigation, enforcement proceeding, or litigation of which the regulated entity or the Office of Finance has received notice from FHFA or otherwise has knowledge.

Record retention schedule means a schedule that details the categories of records a regulated entity or the Office of Finance is required to retain and the corresponding retention periods. The record retention schedule includes all media, such as microfilm and machine-readable computer records, for each record category.

Retention period means the length of time that records must be kept before they are destroyed, as determined by the organization's record retention schedule. Records not authorized for destruction have a retention period of “permanent.”

(a) Establishment. Each regulated entity and the Office of Finance shall establish and maintain a written record retention program and provide a copy of such program to the Deputy Director of the Division of Enterprise Regulation, or his or her designee, or the Deputy Director for the Division of Federal Home Loan Bank Regulation, or his or her designee, as appropriate, within 180 days of the effective date of this part, and annually thereafter, and whenever a significant revision to the program has been made.

(b) Evaluation. Management of each regulated entity and the Office of Finance shall evaluate in writing the adequacy and effectiveness of the record retention program at least every two years and provide a copy of the evaluation to the board of directors and the Director.

(a) General minimum requirements. The record retention program established and maintained by each regulated entity and the Office of Finance under § 1235.3 shall:

(1) Assure that retained records are complete and accurate;

(2) Assure that the form of retained records and the retention period—

(i) Are appropriate to support administrative, business, external and internal audit functions, and litigation of the regulated entity or the Office of Finance; and

(ii) Comply with requirements of applicable laws and regulations, including this part;

(3) Assign in writing the authorities and responsibilities for record retention activities for employees, including line managers and corporate management;

(4) Include policies and procedures concerning record holds, consistent with § 1235.5, and, as appropriate, integrate them with policies and procedures throughout the organization;

(5) Include an accurate, current, and comprehensive record retention schedule that lists records by major categories, subcategories, record type, and retention period, which retention period is appropriate to the specific record and consistent with applicable legal, regulatory, fiscal, operational, and business requirements;

(6) Include appropriate security and internal controls to protect records from unauthorized access and data alteration;

(7) Provide for appropriate back-up and recovery of electronic records to ensure the same accuracy as the primary records;

(8) Provide for a periodic testing of the ability to access records; and

(9) Provide for the proper disposition of records.

(b) Minimum storage requirements for electronic records. Electronic records, preferably searchable, must be maintained on immutable, non-rewritable storage in a manner that provides for both ready access by any person who is entitled to access the records, including staff of FHFA, and accurate reproduction for later reference by transmission, printing or other means.

(c) Communication and training—(1) The record retention program established and maintained by each regulated entity and the Office of Finance under § 1235.3 shall provide for periodic training and communication throughout the organization.

(2) The record retention program shall:

(i) Provide for communication throughout the organization on record retention policies, procedures, and record retention schedule updates; and

(ii) Provide for training of and notice to all employees on a periodic basis on their record retention responsibilities, including instruction regarding penalties provided by law for the unlawful removal or destruction of records. The record retention program also shall provide for training for the agents or independent contractors of a regulated entity or the Office of Finance, as appropriate, consistent with their respective roles and responsibilities to the regulated entity or the Office of Finance.

(a) Notification by FHFA. In the event that FHFA is requiring a record hold, FHFA shall notify the chief executive officer of the regulated entity or the Office of Finance. Regulated entities and the Office of Finance must have a written policy for handling notice of a record hold.

(b) Notification by a regulated entity or the Office of Finance. The record retention program of a regulated entity and the Office of Finance shall—

(1) Address how employees and, as appropriate, how agents or independent contractors consistent with their respective roles and responsibilities to the regulated entity or the Office of Finance, will receive prompt notification of a record hold;

(2) Designate an individual to communicate specific requirements and instructions, including, when necessary, the instruction to cease immediately any otherwise permissible destruction of records; and

(3) Provide that any employee and, as appropriate, any agent or independent contractor consistent with his or her respective role and responsibility to the regulated entity or Office of Finance, who has received notice of a potential investigation, enforcement proceeding, or litigation by FHFA involving the regulated entity or the Office of Finance or an employee, or otherwise has actual knowledge that an issue is subject to such an investigation, enforcement proceeding or litigation, shall notify immediately the legal department or the individual providing legal services as well as senior management of the regulated entity or the Office of Finance and shall retain any records that may be relevant in any way to such investigation, enforcement proceeding, or litigation.

(c) Method of record retention during a record hold. The record retention program of each regulated entity and the Office of Finance shall address the method by which the regulated entity or the Office of Finance will retain records during a record hold. Specifically, the program shall describe the method for the continued preservation of electronic records, including e-mail, and, as applicable, the conversion of records from paper to electronic form as well as any alternative storage method.

(d) Access to and retrieval of records during a record hold. The record retention program of each regulated entity or the Office of Finance shall ensure access to and retrieval of records by the regulated entity and the Office of Finance, and access, upon request, by FHFA, during a record hold. Such access shall be by reasonable means, consistent with the nature and availability of the records and existing information technology.

Each regulated entity and the Office of Finance shall make its records available promptly upon request by FHFA, at a location and in a form and manner acceptable to FHFA.

(a) Supervisory action. Failure by a regulated entity or the Office of Finance to comply with this part may subject the regulated entity or the Office of Finance or the board members, officers, or employees thereof to supervisory action by FHFA under the Safety and Soundness Act, including but not limited to cease-and-desist proceedings, temporary cease-and-desist proceedings, and civil money penalties.

(b) No limitation of authority. This part does not limit or restrict the authority of FHFA to act under its safety and soundness mandate, in accordance with the Safety and Soundness Act. Such authority includes, but is not limited to, conducting examinations, requiring reports and disclosures, and enforcing compliance with applicable laws, rules, and regulations.