This part addresses prudential management and operations standards that are required and authorized by 12 U.S.C. 4513b, including the establishment of Standards by Federal Housing Finance Agency (FHFA) and the processes by which FHFA can notify a regulated entity or the Office of Finance of its failure to operate in accordance with a Standard and direct the regulated entity or the Office of Finance to take corrective action. This part further specifies the possible consequences if any regulated entity or the Office of Finance fails to operate in accordance with an applicable Standard or otherwise fails to comply with this part.

[89 FR 3539, Jan. 19, 2024]

Unless otherwise indicated, terms used in this part have the meanings that they have in part 1201 of this chapter, in the Safety and Soundness Act, 12 U.S.C. 4501 et seq., or in the Bank Act, 12 U.S.C. 1421 et seq.

Extraordinary growth—(1) For purposes of 12 U.S.C. 4513b(b)(3)(C), means:

(i) With respect to a Bank, growth of non-advance assets in excess of 30 percent over the six calendar quarter period preceding the date on which FHFA notified the Bank that it was required to submit a corrective plan; and

(ii) With respect to an Enterprise, quarterly non-annualized growth of assets in excess of 7.5 percent in any calendar quarter during the six calendar quarter period preceding the date on which FHFA notified the Enterprise that it was required to submit a corrective plan.

(2) For purposes of calculating an increase in assets, assets acquired through merger or acquisition approved by FHFA are not to be included.

Standard(s) means any one (or more) of the prudential management and operations standards established by the Director pursuant to 12 U.S.C. 4513b(a). Standard includes the introductory statement of general responsibilities of boards of directors and senior management of the regulated entities set forth in the appendix to this part.

[77 FR 33959, June 8, 2012, as amended at 78 FR 2324, Jan. 11, 2013; 80 FR 72336, Nov. 19, 2015; 89 FR 3539, Jan. 19, 2024]

(a) Form. As expressly authorized by 12 U.S.C. 4513b(a), FHFA may establish Standards as regulations or guidelines.

(b) Standards established as guidelines. Each Standard that has been established as a guideline is located in the appendix to this part. FHFA will provide public notice of, and seek public comment on, any Standard it plans to establish as a guideline, or on any material modification to any Standard established as a guideline. FHFA may revoke any Standard established as a guideline at any time by order or notice. Standards established as guidelines are subject to the remedial provisions of §§ 1236.4 and 1236.5.

(c) Standards established as regulations. When establishing a Standard as a regulation or amending such a Standard, FHFA shall follow applicable rulemaking procedures of the Administrative Procedure Act, 12 U.S.C. 553. Standards established as regulations may be set forth as subparts or provisions of this part; or as other parts or subparts, or as provisions of such other parts or subparts, of this chapter XII of title 12. When not set forth as a subpart of this part, the regulation or any provision thereof that is a Standard shall be identified as a Standard in the body of the regulation. Standards established as regulations are subject to this part, including the remedial provisions of §§ 1236.4 and 1236.5, and to the enforcement provisions of 12 U.S.C. chapter 46, subchapter III.

(d) Conflicts. In the case of a direct conflict between a Standard established as a guideline and any FHFA regulation, when it is not possible to comply with both that Standard and the FHFA regulation, the FHFA regulation shall control.

[89 FR 3539, Jan. 19, 2024]

(a) Determination. FHFA may determine, based upon an examination, inspection, or any other information, that a regulated entity or the Office of Finance has failed to meet one or more of the Standards. Failure to meet any Standard may constitute an unsafe and unsound practice for purposes of the enforcement provisions of 12 U.S.C. chapter 46, subchapter III.

(b) Submission of corrective plan. When a regulated entity or the Office of Finance is required to submit a corrective plan, FHFA shall inform the regulated entity or the Office of Finance of that requirement by written notice, which shall also set forth FHFA's determination that the regulated entity or the Office of Finance has failed a particular Standard or Standards. FHFA shall require a regulated entity or the Office of Finance to submit a corrective plan if FHFA determines that the regulated entity or the Office of Finance has failed to meet a Standard established as a regulation. FHFA may require a regulated entity or the Office of Finance to submit a corrective plan for failure to meet a Standard established as a guideline.

(c) Corrective plans—(1) Contents of plan. A corrective plan shall be in writing and shall describe the actions the regulated entity or the Office of Finance will take to correct its failure(s) as determined by FHFA, and the time within which each action will be taken.

(2) Filing deadline—(i) In general. A regulated entity or the Office of Finance must file a corrective plan with FHFA within thirty (30) calendar days of being notified by FHFA of the requirement to file a corrective plan, unless FHFA notifies the regulated entity or the Office of Finance in writing that the plan must be filed within a different time period.

(ii) Other plans or submissions. If a regulated entity must file a capital restoration plan submitted pursuant to 12 U.S.C. 4622, it may submit the corrective plan required under this section as part of the capital restoration plan, subject to the deadline established in accordance with paragraph (c)(2)(i) of this section. If a regulated entity or the Office of Finance is operating under a cease-and-desist order entered into pursuant to 12 U.S.C. 4631 or 4632, or a formal or informal agreement, or must file a response to a report of examination or report of inspection, it may, with the permission of FHFA, submit the corrective plan required under this section as part of its compliance with that order, agreement, or response, subject to the deadline established in accordance with paragraph (c)(2)(i) of this section, but the corrective plan would not become a part of the order, agreement, or response. FHFA may also permit a regulated entity or the Office of Finance to submit a corrective plan required under this section as part of another type of required plan or submission by a regulated entity or the Office of Finance, as deemed appropriate by FHFA.

(d) Amendment of corrective plan. A regulated entity or the Office of Finance that is operating in accordance with an approved corrective plan may submit a written request to FHFA to amend the plan as necessary to reflect any changes in circumstance. Until such time that FHFA approves a proposed amendment, the regulated entity or the Office of Finance must continue to operate in accordance with the terms of the corrective plan as previously approved.

(e) Review of corrective plans and amendments. Within thirty (30) calendar days of receiving a corrective plan or proposed amendment to a plan, FHFA will notify the regulated entity or the Office of Finance in writing of its decision on the plan, will direct the regulated entity to submit additional information, or will notify the regulated entity in writing of any extended deadline for review that FHFA has established.

[89 FR 3539, Jan. 19, 2024]

(a) Remedies. If a regulated entity or the Office of Finance fails to submit an acceptable corrective plan under § 1236.4(b), or fails in any material respect to implement or otherwise comply with an approved corrective plan, FHFA shall order the regulated entity or the Office of Finance to correct that deficiency, and may:

(1) Prohibit the regulated entity from increasing its average total assets, as defined in 12 U.S.C. 4516(b)(4), for any calendar quarter over its average total assets for the preceding calendar quarter, or may otherwise restrict the rate at which the average total assets of the regulated entity may increase from one calendar quarter to another;

(2) Prohibit the regulated entity from paying dividends;

(3) Prohibit the regulated entity from redeeming or repurchasing capital stock;

(4) Require the regulated entity to maintain or increase its level of retained earnings;

(5) Require an Enterprise to increase its ratio of core capital to assets, or require a Bank to increase its ratio of total capital, as defined in 12 U.S.C. 1426(a)(5), to assets; or

(6) Require the regulated entity or the Office of Finance to take any other action that the Director determines will better carry out the purposes of the statute by bringing the regulated entity or the Office of Finance into conformance with the Standards.

(b) Extraordinary growth. If a regulated entity that has failed to submit an acceptable corrective plan or has failed in any material respect to implement or otherwise comply with an approved corrective plan, also has experienced extraordinary growth, FHFA shall impose at least one of the sanctions listed in paragraph (a) of this section, consistently with the requirements of 12 U.S.C. 4513b(b)(3).

(c) Orders— (1) Notice. Except as provided in paragraph (c)(4) of this section, FHFA will notify a regulated entity or the Office of Finance in writing of FHFA's intent to issue an order requiring the regulated entity or the Office of Finance to correct its failure to submit a corrective plan or its failure in any material respect to implement or otherwise comply with an approved corrective plan. Any such notice will include:

(i) A statement that the regulated entity or the Office of Finance has failed to submit a corrective plan under § 1236.4, or has not implemented or otherwise has not complied in any material respect with an approved plan;

(ii) A description of any sanctions that FHFA intends to impose and, in the case of the mandatory sanctions required by 12 U.S.C. 4513b(b)(3), a statement that FHFA believes that the regulated entity has experienced extraordinary growth; and

(iii) The proposed date when any sanctions would become effective or the proposed date for completion of any required actions.

(2) Response to notice. A regulated entity or the Office of Finance may file a written response to a notice of intent to issue an order, which must be delivered to FHFA within fourteen (14) calendar days of the date of the notice, unless FHFA determines that a different time period is appropriate in light of the safety and soundness of the regulated entity or the Office of Finance or other relevant circumstances. The response should include:

(i) An explanation of why the regulated entity or the Office of Finance believes that the action proposed by FHFA is not an appropriate exercise of discretion;

(ii) Any recommended modification of the proposed order; and

(iii) Any other relevant information, mitigating circumstances, documentation or other evidence in support of the position of the regulated entity or the Office of Finance regarding the proposed order.

(3) Failure to file response. The failure of a regulated entity or the Office of Finance to file a written response within the specified time period will constitute a waiver of the opportunity to respond and will constitute consent to issuance of the order.

(4) Immediate issuance of final order. FHFA may issue an order requiring a regulated entity or the Office of Finance immediately to take actions to correct a Standards deficiency or to take or refrain from taking other actions pursuant to paragraph (a) of this section. Within fourteen (14) calendar days of the issuance of an order under this paragraph, or other time period specified by FHFA, a regulated entity or the Office of Finance may submit a written appeal of the order to FHFA. FHFA will respond in writing to a timely filed appeal within sixty (60) days after receiving the appeal. During this period, the order will remain in effect unless FHFA stays the effectiveness of the order.

(d) Request for modification or rescission of order. A regulated entity or the Office of Finance subject to an order under this part may submit a written request to FHFA for an amendment to the order to reflect a change in circumstance. Unless otherwise ordered by FHFA, the order shall continue in place while such a request is pending before FHFA.

(e) Agency review and determination. FHFA will respond in writing within thirty (30) days after receiving a response or amendment request, unless FHFA notifies the regulated entity or the Office of Finance in writing that it will respond within a different time period. After considering the response or amendment request from a regulated entity or the Office of Finance, FHFA may:

(1) Issue the order as proposed or in modified form;

(2) Determine not to issue the order and instead issue a different order; or

(3) Seek additional information or clarification of the response from the regulated entity, or any other relevant source.

[77 FR 33959, June 8, 2012, as amended at 89 FR 3540, Jan. 19, 2024]

The following provisions constitute the prudential management and operations standards established as guidelines pursuant to 12 U.S.C. 4513b(a). The General Responsibilities of the Board of Directors and Standards 1, 2, 8, and 10 apply to the Office of Finance as appropriate.

General Responsibilities of the Board of Directors and Senior Management

The following provisions address the general responsibilities of the boards of directors and senior management of the regulated entities as they relate to the matters addressed by each of the Standards, and the general responsibilities of the board of directors and senior management of the Office of Finance to the extent a particular Standard is applicable to the Office of Finance. The descriptions are not a comprehensive listing of the responsibilities of either the boards or senior management, each of whom have additional duties and responsibilities to those described in these Standards.

Responsibilities of the Board of Directors

1. With respect to the subject matter addressed by each applicable Standard, the board of directors of each regulated entity and of the Office of Finance is responsible for adopting business strategies and policies that are appropriate for the particular subject matter. The board should review all such strategies and policies periodically. It should review and approve all major strategies and policies at least annually and make any revisions that are necessary to ensure that such strategies and policies remain consistent with the overall business plan of the entity or the Office of Finance.

2. The board of directors is responsible for overseeing management of the regulated entity or the Office of Finance, which includes ensuring that management includes personnel who are appropriately trained and competent to oversee the operation of the regulated entity and the Office of Finance as it relates to the functions and requirements addressed by each applicable Standard, and that management implements the policies set forth by the board.

3. The board of directors is responsible for remaining informed about the operations and condition of the regulated entity or the Office of Finance, including operating consistently with the applicable Standards, and senior management's implementation of the strategies and policies established by the board of directors.

4. The board of directors must remain sufficiently informed about the nature and level of the regulated overall risk exposures of the entity or the Office of Finance, including, as applicable, market, credit, operational, and counterparty risk, so that it can understand the possible short- and long-term effects of those exposures on the financial health of the regulated entity, including the possible short- and long-term consequences, as applicable, to earnings, liquidity, and economic value. The board of directors should: establish the risk tolerances of the regulated entity or the Office of Finance and provide management with clear guidance regarding the level of acceptable risks; review the entire risk management framework of the regulated entity or the Office of Finance, including policies and entity-wide risk limits at least annually; oversee the adequacy of the actions taken by senior management to identify, measure, manage, and control the risk exposures of the regulated entity or the Office of Finance; and ensure that management takes appropriate corrective measures whenever risk limit violations or breaches occur.

Responsibilities of Senior Management

5. With respect to the subject matter addressed by each applicable Standard, senior management is responsible for developing the policies, procedures and practices that are necessary to implement the business strategies and policies adopted by the board of directors. Senior management should ensure that such items are clearly written, sufficiently detailed, and are followed by all personnel. Senior management also should ensure that the regulated entity or the Office of Finance has personnel who are appropriately trained and competent to carry out their respective functions and that all delegated responsibilities are performed.

6. Senior management should ensure that the regulated entity or the Office of Finance has adequate resources, systems, and controls available to execute effectively the business strategies, policies, and procedures of the entity or the Office of Finance, including operating consistently with each of the applicable Standards.

7. Senior management should provide the board of directors with periodic reports relating to the condition and performance of the regulated entity or the Office of Finance, including the subject matter addressed by each of the applicable Standards, that are sufficiently detailed to allow the board of directors to remain fully informed about the business of the regulated entity or the Office of Finance.

8. Senior management should regularly review and discuss with the board of directors information regarding the risk exposures of the regulated entity or the Office of Finance that is sufficient in detail and timeliness to permit the board of directors to understand and assess the performance of management in identifying and managing the various risks to which the regulated entity or the Office of Finance is exposed.

Responsibilities of the Board of Directors and Senior Management

9. The board of directors and senior management should conduct themselves in such a manner as to promote high ethical standards and a culture of compliance throughout the organization.

10. The board of directors and senior management should ensure that the overall risk profile of the regulated entity or the Office of Finance is aligned with its mission objectives.

Standard 1—Internal Controls and Information Systems Responsibilities of the Board of Directors

1. Regarding internal controls and information systems, the board of directors of each regulated entity and the Office of Finance should adopt appropriate policies, ensure personnel are appropriately trained and competent, approve and periodically review overall business strategies, approve the organizational structure, and assess the adequacy of senior management's oversight of this function.

Responsibilities of Senior Management

2. Regarding internal controls and information systems, senior management should implement strategies and policies approved by the board of directors, establish appropriate policies, monitor the adequacy and effectiveness of this function, and ensure personnel are appropriately trained and competent. The organizational structure should clearly assign responsibility, authority, and reporting relationships.

Responsibilities of the Board of Directors and Senior Management

3. Regarding internal controls and information systems, both the board of directors and senior management should promote high ethical standards, create a culture that emphasizes the importance of this function, and promptly address any issues in need of remediation.

Framework

4. Each regulated entity and the Office of Finance should have an adequate and effective system of internal controls, which should include a board approved organizational structure that clearly assigns responsibilities, authority, and reporting relationships, and establishes an appropriate segregation of duties that ensures that personnel are not assigned conflicting responsibilities.

5. Each regulated entity and the Office of Finance should establish appropriate internal control policies and should monitor the adequacy and effectiveness of its internal controls and information systems on an ongoing basis through a formal self-assessment process.

6. Each regulated entity and the Office of Finance should have an organizational culture that emphasizes and demonstrates to personnel at all levels the importance of internal controls.

7. Each regulated entity and the Office of Finance should address promptly any violations, findings, weaknesses, deficiencies, and other issues in need of remediation relating to the internal control systems.

Risk Recognition and Assessment

8. Each regulated entity and the Office of Finance should have an effective risk assessment process that ensures that management recognizes and continually assesses all material risks, including credit risk, market risk, interest rate risk, liquidity risk, and operational risk.

Control Activities and Segregation of Duties

9. Each regulated entity and the Office of Finance should have an effective internal control system that defines control activities at every business level.

10. The control activities of each regulated entity and the Office of Finance should include:

a. Board of directors and senior management reviews of progress toward goals and objectives;

b. Appropriate activity controls for each business unit;

c. Physical controls to protect property and other assets and limit access to property and systems;

d. Procedures for monitoring compliance with exposure limits and follow-up on non-compliance;

e. A system of approvals and authorizations for transactions over certain limits; and

f. A system for verification and reconciliation of transactions.

Information and Communication

11. Each regulated entity and the Office of Finance should have information systems that provide relevant, accurate and timely information and data.

12. Each regulated entity and the Office of Finance should have secure information systems that are supported by adequate contingency arrangements.

13. Each regulated entity and the Office of Finance should have effective channels of communication to ensure that all personnel understand and adhere to policies and procedures affecting their duties and responsibilities.

Monitoring Activities and Correcting Deficiencies

14. Each regulated entity and the Office of Finance should monitor the overall effectiveness of its internal controls and key risks on an ongoing basis and ensure that business units and internal and external audit conduct periodic evaluations.

15. Internal control deficiencies should be reported to senior management and the board of directors on a timely basis and addressed promptly.

Applicable Laws, Regulations, and Policies

16. Each regulated entity and the Office of Finance should comply with all applicable laws, regulations, and supervisory guidance (e.g., advisory bulletins) governing internal controls and information systems.

Standard 2—Independence and Adequacy of Internal Audit Systems Audit Committee

1. The board of directors of each regulated entity and the Office of Finance should have an audit committee that exercises proper oversight and adopts appropriate policies and procedures designed to ensure the independence of the internal audit function. The audit committee should ensure that the internal audit department includes personnel who are appropriately trained and competent to oversee the internal audit function.

2. The board of directors should review and approve the audit committee charter at least every three years.

3. The audit committee of the board of directors is responsible for monitoring and evaluating the effectiveness of the internal audit function of each regulated entity and the Office of Finance.

4. Issues reported by the internal audit department to the audit committee should be promptly addressed and satisfactorily resolved.

Internal Audit Function

5. Each regulated entity and the Office of Finance should have an internal audit function that provides for adequate testing of the system of internal controls.

6. Each regulated entity and the Office of Finance should have an independent and objective internal audit department that reports directly to the audit committee of the board of directors.

7. The internal audit department of each regulated entity and the Office of Finance should be adequately staffed with properly trained and competent personnel.

8. The internal audit department should conduct risk-based audits.

9. The internal audit department should conduct adequate testing and review of internal control and information systems.

10. The internal audit department should determine whether violations, findings, weaknesses and other issues reported by regulators, external auditors, and others have been promptly addressed.

Applicable Laws, Regulations, and Policies

11. Each regulated entity and the Office of Finance should comply with applicable laws, regulations, and supervisory guidance (e.g., advisory bulletins) governing the independence and adequacy of internal audit systems.

Standard 3—Management of Market Risk Exposure Responsibilities of the Board of Directors

1. Regarding the overall management of market risk exposure, the board of directors should remain sufficiently informed about the nature and level of the regulated entity's market risk exposures. At least annually, the board should review the entire market risk framework, including policies and risk limits, and provide an assessment of compliance.

2. Regarding the policies, practices and procedures surrounding the management of market risk, the board of directors should approve all major strategies and policies relating to the management of market risk, ensure all major strategies and policies are consistent with the overall business plan, establish and communicate a market risk tolerance, and ensure appropriate corrective measures are taken when market risk limit violations or breaches occur.

3. The board, or a board appointed committee, should oversee the adequacy of actions taken by senior management to identify, measure, manage, and control market risk exposures, ensure market risk policies establish lines of authority and responsibility, and review risk exposures on a periodic basis.

Responsibilities of Senior Management

4. Regarding the overall management of market risk exposure, senior management should provide sufficient and timely information to the board of directors, ensure personnel are appropriately trained and competent, ensure adequate systems and resources are available to manage and control market risk, report any breaches to the board of directors (or the appropriate board committee), and take appropriate remedial action.

5. Regarding the policies, practices, and procedures surrounding market risk exposure, senior management should ensure market risk policies and procedures are clearly written, sufficiently detailed, and followed. Approved policies and procedures should include clear market risk limits and lines of authority for managing market risk.

Market Risk Strategy

6. A regulated entity should have a clearly defined and well-documented strategy for managing market risk, which must be consistent with its overall business plan, must enable the regulated entity to identify, manage, monitor, and control the regulated entity's risk exposures on a business unit and an enterprise-wide basis, and must ensure that the lines of authority and responsibility for managing market risk and monitoring market risk limits are clearly identified. The strategy should specify a target account, or target accounts, for managing market risk (e.g., specify whether the objective is to control risk to earnings, net portfolio value, or some other target, or some combination of targets), and, if a market risk limit is breached, should require that the breach be reported to the board of directors, or the appropriate board committee, and that appropriate remedial action, including any ordered by the board of directors, should be taken.

7. Management should ensure that the board of directors is made aware of the advantages and disadvantages of the regulated entity's chosen market risk management strategy, as well as those of alternative strategies, so that the board of directors can make an informed judgment about the relative efficacy of the different strategies.

8. A Bank's strategy for managing market risk should take into account the importance of maintaining the market value of equity of member stock commensurate with the par value of that stock so that the Bank is able to redeem and repurchase member stock at par value.

9. A regulated entity should comply with all applicable laws, regulations, and supervisory guidance, (e.g., advisory bulletins) governing the independence and adequacy of the management of market risk exposure.

Standard 4—Management of Market Risk—Measurement Systems, Risk Limits, Stress Testing, and Monitoring and Reporting Risk Measurement Systems

1. A regulated entity should have a risk measurement system (a model or models) that capture(s) all material sources of market risk and provide(s) meaningful and timely measures of the regulated entity's risk exposures, as well as personnel who are appropriately trained and competent to operate and oversee the risk measurement system.

2. The risk measurement system should be capable of estimating the effect of changes in interest rates and other key risk factors on the regulated entity's earnings and market value of equity over a range of scenarios.

3. The measurement system should be capable of valuing all financial assets and liabilities in the regulated entity's portfolio.

4. The measurement system should address all material sources of market risk including repricing risk, yield curve risk, basis risk, and options risk.

5. Management should ensure the integrity and timeliness of the data inputs used to measure the regulated entity's market risk exposures, and should ensure that assumptions and parameters are reasonable and properly documented.

6. The measurement system's methodologies, assumptions, and parameters should be thoroughly documented, understood by management, and reviewed on a regular basis.

7. A regulated entity's market risk model should be upgraded periodically to incorporate advances in risk modeling technology.

8. A regulated entity should have a documented approval process for model changes that requires model changes to be authorized by a party independent of the party making the change.

9. A regulated entity should ensure that its models are independently validated on a regular basis.

Risk Limits

10. Risk limits should be consistent with the regulated entity's strategy for managing interest rate risk and should take into account the financial condition of the regulated entity, including its capital position.

11. Risk limits should address the potential impact of changes in market interest rates on net interest income, net income, and the regulated entity's market value of equity.

Stress Testing

12. A regulated entity should conduct stress tests on a regular basis for a variety of institution-specific and market-wide stress scenarios to identify potential vulnerabilities and to ensure that exposures are consistent with the regulated entity's tolerance for risk.

13. A regulated entity should use stress test outcomes to adjust its market risk management strategies, policies, and positions and to develop effective contingency plans.

14. Special consideration should be given to ensuring that complex financial instruments, including instruments with complex option features, are properly valued under stress scenarios and that the risks associated with options exposures are properly understood.

15. Management should ensure that the regulated entity's board of directors or a committee thereof considers the results of stress tests when establishing and reviewing its strategies, policies, and limits for managing and controlling interest rate risk.

16. The board of directors and senior management should review periodically the design of stress tests to ensure that they encompass the kinds of market conditions under which the regulated entity's positions and strategies would be most vulnerable.

Monitoring and Reporting

17. A regulated entity should have an adequate management information system for reporting market risk exposures.

18. The board of directors, senior management, and the appropriate line managers should be provided with regular, accurate, informative, and timely market risk reports.

Applicable Laws, Regulations, and Policies

19. A regulated entity should comply with all applicable laws, regulations, and supervisory guidance (e.g., advisory bulletins) governing the management of market risk.

Standard 5—Adequacy and Maintenance of Liquidity and Reserves Responsibilities of the Board of Directors

1. Regarding the adequacy and maintenance of liquidity and reserves, the board of directors should review (at least annually) all major strategies and policies governing this area, approve appropriate revisions to such strategies and policies, and ensure senior management are appropriately trained to effectively manage liquidity.

Responsibilities of Senior Management

2. Regarding the adequacy and maintenance of liquidity and reserves, senior management should develop strategies, policies, and practices to manage liquidity risk, ensure personnel are appropriately trained and competent, and provide the board of directors with periodic reports on the regulated entity's liquidity position.

Policies, Practices, and Procedures

3. A regulated entity should establish a liquidity management framework that ensures it maintains sufficient liquidity to withstand a range of stressful events.

4. A regulated entity should articulate a liquidity risk tolerance that is appropriate for its business strategy and its mission goals and objectives.

5. A regulated entity should have a sound process for identifying, measuring, monitoring, controlling, and reporting its liquidity position and its liquidity risk exposures.

6. A regulated entity should establish a funding strategy that provides effective diversification in the sources and tenor of funding.

7. A regulated entity should conduct stress tests on a regular basis for a variety of institution-specific and market-wide stress scenarios to identify sources of potential liquidity strain and to ensure that current exposures remain in accordance with each regulated entity's established liquidity risk tolerance.

8. A regulated entity should use stress test outcomes to adjust its liquidity management strategies, policies, and positions and to develop effective contingency plans.

9. A regulated entity should have a formal contingency funding plan that clearly sets out the strategies for addressing liquidity shortfalls in emergencies. Where practical, contingent funding sources should be tested or drawn on periodically to assess their reliability and operational soundness.

10. A regulated entity should maintain adequate reserves of liquid assets, including adequate reserves of unencumbered, marketable securities that can be liquidated to meet unexpected needs.

Applicable Laws, Regulations, and Policies

11. A regulated entity should comply with all applicable laws, regulations, and supervisory guidance (e.g., advisory bulletins) governing the adequacy and maintenance of liquidity and reserves.

Standard 6—Management of Asset and Investment Portfolio Growth Responsibilities of the Board of Directors and Senior Management

1. Regarding the management of asset and investment portfolio growth, the board of directors is responsible for overseeing the management of growth in these areas, ensuring senior management are appropriately trained and competent, establishing policies governing the regulated entity's assets and investment growth, with prudential limits on the growth of mortgages and mortgage-backed securities, and reviewing policies at least annually.

2. Regarding the management of asset and investment portfolio growth, senior management should adhere to board-approved policies governing growth in these areas, and ensure personnel are appropriately trained and competent to manage the growth.

Risk Measurement, Monitoring, and Control

3. A regulated entity should manage its asset growth and investment growth in a prudent manner that is consistent with the regulated entity's business strategy, board-approved policies, risk tolerances, and safe and sound operations, and should establish prudential limits on the growth of its portfolios of mortgage loans and mortgage backed securities.

4. A regulated entity should manage asset growth and investment growth in a way that is compatible with mission goals and objectives.

5. A regulated entity should manage investments and acquisition of assets in a way that complies with all applicable laws, regulations, and supervisory guidance (e.g., advisory bulletins).

Standard 7—Investments and Acquisitions of Assets Responsibilities of the Board of Directors and Senior Management

1. The board of directors is responsible for overseeing the regulated entity's investments and acquisition of other assets, ensuring senior management are appropriately trained and competent, and establishing, approving and periodically reviewing policies and procedures governing investments and acquisitions of other assets.

Policies, Practices, and Procedures

2. A regulated entity should have a board-approved investment policy that establishes clear and explicit guidelines that are appropriate to the regulated entity's mission and objectives. The investment policy should establish the regulated entity's investment objectives, risk tolerances, investment constraints, and policies and procedures for selecting investments.

3. A regulated entity should have a board-approved policy governing acquisitions of major categories of assets other than investments. The policy should establish clear and explicit guidelines for asset acquisitions that are appropriate to the regulated entity's mission and objectives.

4. A regulated entity should manage investments and acquisitions of assets prudently and in a manner that is consistent with mission goals and objectives.

5. Each Bank's investment policies and acquisition of assets should take into account the importance of maintaining the market value of member stock commensurate with the par value of that stock so that the Bank is able to redeem and repurchase member stock at par value at all times.

6. A regulated entity should manage investments and acquisitions of assets in a way that complies with all applicable laws, regulations, and supervisory guidance (e.g., advisory bulletins).

Standard 8—Overall Risk Management Processes Responsibilities of the Board of Directors

1. Regarding overall risk management processes, the board of directors is responsible for overseeing the process, ensuring senior management are appropriately trained and competent, ensuring processes are in place to identify, manage, monitor and control risk exposures (this function may be delegated to a board appointed committee), approving all major risk limits, and ensuring incentive compensation measures for senior management capture a full range of risks to the regulated entity or the Office of Finance.

Responsibilities of the Board and Senior Management

2. Regarding overall risk management processes, the board of directors and senior management should establish and sustain a culture that promotes effective risk management. This culture includes timely, accurate and informative risk reports, alignment of the overall risk profile of the regulated entity or the Office of Finance with its mission objectives, and the annual review of comprehensive self-assessments of material risks.

Independent Risk Management Function

3. A regulated entity or the Office of Finance should have an independent risk management function, or unit, with responsibility for risk measurement and risk monitoring, including monitoring and enforcement of risk limits.

4. The chief risk officer should head the risk management function.

5. The chief risk officer should report directly to the chief executive officer and the risk committee of the board of directors.

6. The risk management function should have adequate resources, including a well-trained and capable staff.

Risk Measurement, Monitoring, and Control

7. Each regulated entity and the Office of Finance should measure, monitor, and control its overall risk exposures, reviewing, as applicable, market, credit, liquidity, and operational risk exposures on both a business unit (or business segment) and enterprise-wide basis.

8. Each regulated entity and the Office of Finance should have the risk management systems to generate, at an appropriate frequency, the information needed to manage risk. As applicable, such systems should include systems for market, credit, operational, and liquidity risk analysis, asset and liability management, regulatory reporting, and performance measurement.

9. Each regulated entity and the Office of Finance should have a comprehensive set of risk limits and monitoring procedures to ensure that risk exposures remain within established risk limits, and a mechanism for reporting violations and breaches of risk limits to senior management and the board of directors.

10. Each regulated entity and the Office of Finance should ensure that it has sufficient controls around risk measurement models to ensure the completeness, accuracy, and timeliness of risk information.

11. Each regulated entity and the Office of Finance should have adequate and well-tested disaster recovery and business resumption plans for all major systems and have remote facilitates to limit the impact of disruptive events.

Applicable Laws, Regulations, and Policies

12. As applicable, each regulated entity and the Office of Finance should comply with all applicable laws, regulations, and supervisory guidance (e.g., advisory bulletins) governing the management of risk.

Standard 9—Management of Credit and Counterparty Risk Responsibilities of the Board of Directors and Senior Management

1. Regarding the management of credit and counterparty risk, the board of directors and senior management are responsible for ensuring that the regulated entity has appropriate policies, procedures, and systems that cover all aspects of credit administration, including credit pricing, underwriting, credit limits, collateral standards, and collateral valuation procedures. This should also include derivatives and the use of clearing houses. They are also responsible for ensuring personnel are appropriately trained, competent, and equipped with the necessary tools, procedures and systems to assess risk.

2. Senior management should provide the board of directors with regular briefings and reports on credit exposures.

Policies, Procedures, Controls, and Systems

3. A regulated entity should have policies that limit concentrations of credit risk and systems to identify concentrations of credit risk.

4. A regulated entity should establish prudential limits to restrict exposures to a single counterparty that are appropriate to its business model.

5. A regulated entity should establish prudential limits to restrict exposures to groups of related counterparties that are appropriate to its business model.

6. A regulated entity should have policies, procedures, and systems for evaluating credit risk that will enable it to make informed credit decisions.

7. A regulated entity should have policies, procedures, and systems for evaluating credit risk that will enable it to ensure that claims are legally enforceable.

8. A regulated entity should have policies and procedures for addressing problem credits.

9. A regulated entity should have an ongoing credit review program that includes stress testing and scenario analysis.

Applicable Laws, Regulations, and Policies

10. A regulated entity should manage credit and counterparty risk in a way that complies with applicable laws, regulations, and supervisory guidance (e.g., advisory bulletins).

Standard 10—Maintenance of Adequate Records

1. Each regulated entity and the Office of Finance should maintain financial records in compliance with Generally Accepted Accounting Principles (GAAP), FHFA guidelines, and applicable laws and regulations.

2. Each regulated entity and the Office of Finance should ensure that assets are safeguarded and financial and operational information is timely and reliable.

3. Each regulated entity and the Office of Finance should have a records retention program consistent with laws and corporate policies, including accounting policies, as well as personnel that are appropriately trained and competent to oversee and implement the records management plan.

4. Each regulated entity and the Office of Finance, with oversight from its board of directors, should conduct a review and approval of the records retention program and records retention schedule for all types of records at least once every two years.

5. Each regulated entity and the Office of Finance should ensure that reporting errors are detected and corrected in a timely manner.

6. Each regulated entity and the Office of Finance should comply with all applicable laws, regulations, and supervisory guidance (e.g., advisory bulletins) governing the maintenance of adequate records.

[77 FR 33959, June 8, 2012, as amended at 80 FR 72336, Nov. 19, 2015; 89 FR 3540, Jan. 19, 2024]