12 November 1997
Source: http://www.access.gpo.gov/su_docs/aces/aces140.html

-----------------------------------------------------------------------

[Federal Register: October 3, 1997 (Volume 62, Number 192)]
[Proposed Rules]
[Page 51817-51821]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr03oc97-32]

=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of Thrift Supervision

12 CFR Part 545

[97-100]
RIN 1550-AB00


Electronic Operations

AGENCY: Office of Thrift Supervision, Treasury.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: The Office of Thrift Supervision (OTS) is proposing to
streamline and update regulations relating to electronic operations.
The proposal would amend OTS electronic-related regulations to address
advances in technology, and to permit prudent innovation for the use of
emerging technology by Federal savings associations. This NPR is issued
pursuant to the Regulatory Reinvention Initiative of the Vice
President's National Performance Review and section 303 of the
Community Development and Regulatory Improvement Act of 1994.

DATES: Comments must be received on or before December 2, 1997.

ADDRESSES: Send comments to Manager, Dissemination Branch, Records
Management and Information Policy, Office of Thrift Supervision, 1700 G
Street, NW., Washington, DC 20552, Attention Docket No. 97-100. These
submissions may be hand-delivered to 1700 G Street, NW., from 9:00 a.m.
to 5:00 p.m. on business days; they may be sent by facsimile
transmission to FAX Number (202) 906-7755 or by e-mail
public.info@ots.treas.gov. Those commenting by e-mail should include
their name and telephone number. Comments will be available for
inspection at 1700 G Street, NW., from 9:00 a.m. until 4:00 p.m. on
business days.

FOR FURTHER INFORMATION CONTACT: Valerie J. Lithotomos, Counsel
(Banking and Finance), (202) 906-6439; Karen A. Osterloh, Assistant
Chief Counsel, (202) 906-6639; Paul D. Glenn, Special Counsel, Chief
Counsel's Office, (202) 906-6203; Paul J. Robin, Program Analyst,
Compliance Policy, (202) 906-6648; or Paul R. Reymann, Policy Analyst,
Supervision Policy, (202) 906-5645, Office of Thrift Supervision, 1700
G Street NW., Washington, DC 20552.

SUPPLEMENTARY INFORMATION:

I. Background

    On April 2, 1997, OTS published an advance notice of proposed
rulemaking (ANPR) seeking comment on all aspects of banking affected by
electronic operations.<SUP>1</SUP> OTS solicited comments on whether
its existing regulations are sufficiently flexible to permit Federal
savings associations to engage in appropriate electronic banking
activities, consistent with safety and soundness and applicable
statutes and regulations. OTS expressed concern that its current
regulations do not adequately address product innovation made possible
by advances in technology, and may impede prudent innovation by Federal
savings associations.
---------------------------------------------------------------------------

    \1\ 62 FR 15626 (April 2, 1997) (Notice of Proposed Rulemaking
on Deposits and Advance Notice of Proposed Rulemaking on Electronic
Banking.) A final rule on deposits will be published separately.
---------------------------------------------------------------------------

    OTS identified three existing regulations affecting a Federal
thrift's ability to engage in electronic activities. Two of these
regulations describe the type of facilities through which Federal
thrifts may deliver banking services. 12 CFR 545.141 (Remote Service
Units) (RSUs) and 12 CFR 545.142 (Home Banking Services). The third
regulation, at 12 CFR 545.138, provides the general authority to engage
in data processing activities and sell certain excess data processing
capacity. OTS sought comment on how to update these regulations, first
adopted in the early 1980s, to reflect current activities and use of
technologies. OTS also sought comment on certain technological issues
that its existing regulations do not address. These included issues
related to stored-value cards, the application of the Community
Reinvestment Act (CRA) to electronic banking, banking on the Internet,
and other new products and delivery systems.
    OTS received 19 comments from nine Federal savings associations,
four trade associations, two technology firms, two individuals or
groups of individuals, one Federal government agency, and a
representative of two major credit card companies. The comments are
discussed in further detail in the description of the proposed rule.
    Commenters suggested two broad principles to guide OTS in drafting
regulations on emerging electronic services:

<bullet> The public and insured depository institutions will be best
served if statutory and regulatory restrictions are kept to a minimum.
Commenters feared that the premature imposition of restrictive
operational standards would impede the development of improved
financial services.
<bullet> Savings associations should be permitted to compete
effectively with other regulated financial institutions and unregulated
firms offering financial and related services.

[[Page 51818]]

II. General Description of Proposed Rule

    Consistent with the principles identified, OTS is proposing to
issue a broad enabling regulation clarifying that Federal savings
associations may engage in any activity through electronic means that
it may conduct through more traditional delivery mechanisms. This
approach will enhance the ability of Federal savings associations to
serve as financial intermediaries. In addition, this approach will
permit Federal savings associations to fully utilize the by-products or
capacities generated in providing financial services through electronic
means. The approach will also permit Federal thrifts to creatively
provide access to financial services (subject, of course, to adequate
security measures). This proposal is consistent with the principles
established in the Administration's recent electronic commerce policy
statement.<SUP>2</SUP>
---------------------------------------------------------------------------

    \2\ See ``A Framework for Global Electronic Commerce'' (July 1,
1997). These principles are: (1) The private sector should lead; (2)
Governments should avoid undue restrictions on electronic commerce;
(3) Where governmental involvement is needed, its aim should be to
support and enforce a predictable, minimalist, consistent and simple
legal environment for commerce; (4) Governments should recognize the
unique qualities of the Internet; and (5) Electronic commerce over
the Internet should be facilitated on a global basis.
---------------------------------------------------------------------------

    The proposed rule would eliminate existing regulations that address
electronic operations at Sec. 545.138 (Data-processing Services),
Sec. 545.141 (Remote Services Units), and Sec. 545.132 (Home Banking
Services), and would add a new subpart B to part 545 to address
electronic operations. New subpart B uses plain language drafting
techniques consistent with National Performance Review instructions and
new guidance in the Federal Register Document Drafting Handbook
(January 1997 edition). The primary goal of plain language drafting is
to facilitate the understanding of regulations. Plain language drafting
emphasizes the use of informative headings (often written as a
question), non-technical language (including the use of ``you'') and
sentences in the active voice. The words ``I'' in a question and
``you'' in an answer, in the proposal, refer to a Federal savings
association. OTS intends to use plain language drafting in other future
regulatory projects to the extent possible.
    The provisions of the new subpart are discussed below in the
section-by-section analysis.

III. Section-by-Section Analysis

What Does This Subpart Do? (Proposed Sec. 545.140)

    Under the proposed rule, all current regulations addressing
electronic operations will be consolidated in part 545, subpart B. This
subpart describes how a Federal savings association may provide
products and services through electronic means and facilities. See
proposed Sec. 545.140.

How May I Use Electronic Means and Facilities? (Proposed Sec. 545.141)

    As noted above, two existing OTS regulations describe the type of
facilities through which Federal thrifts may deliver banking services
electronically. Section 545.141 addresses RSUs (including automated
teller machines (ATMs)). Section 545.142 addresses home banking
services. Currently, Federal thrifts' authority to provide banking
services through these authorities is restricted. For example, an RSU
may not be used to open a savings account or a demand account, or to
establish a loan account. See 12 CFR 545.141(b). Moreover, it is
unclear whether Sec. 545.142 would permit the opening of new accounts
or the processing of credit applications as home banking services.
    Commenters urged OTS to clarify and expand the activities permitted
under these authorities to include a broad range of products and
services, including opening deposit accounts and establishing loan
accounts. Commenters argued that removing activity restrictions would
serve the public interest by allowing thrifts to more effectively
compete in financial services, and by enhancing the availability of
financial services to the public. Commenters argued that removing the
existing activity restrictions would be consistent with 12 U.S.C.
1464(b)(1)(F) (which authorizes Federal savings associations to
establish RSUs) and congressional intent expressed in Section 2205 of
the Economic Growth and Regulatory Paperwork Reduction Act of 1996
(which eliminates the requirement that banks file branch applications
for ATMs).
    Consistent with OTS' goal of minimizing regulatory restrictions on
electronic operations, proposed Sec. 545.141 specifically permits
Federal savings associations to use electronic means or facilities to
perform any authorized function or provide any authorized product or
service. Under the new subpart, electronic means or facilities include,
but are not limited to automated teller machines, automated loan
machines, personal computers, the Internet, the World Wide Web,
telephones, and other similar electronic devices.<SUP>3</SUP> This
authority now includes the opening of savings or demand accounts and
the establishment of loan accounts--functions previously excluded from
the definition of remote service unit--because the performance of these
functions through electronic means may enhance the operating
flexibility of Federal thrifts.
---------------------------------------------------------------------------

    \3\ OTS will shortly provide guidance concerning consultation
procedures to be followed when a Federal savings association permits
customers to execute transactions by accessing the thrift's data
base using the customer's equipment or other equipment that is not
provided by the thrift.
---------------------------------------------------------------------------

    As part of this proposal, OTS is also revising its branch office
regulation to clarify that electronic facilities do not constitute a
branch office.<SUP>4</SUP>
---------------------------------------------------------------------------

    \4\ In the ANPR, OTS specifically asked for comment on whether
automated loan machines (ALMs) should be considered an RSU, a branch
office, or some other type of facility. ALMs may permit customers to
apply for and immediately receive loans via an automated terminal.
Commenters urged OTS to treat ALMs like RSUs, rather than branches.
These commenters argued that this treatment would provide savings
associations with the same flexible product delivery options as
competing financial institutions. See OCC Interpretive Letter #772
(March 6, 1997) (RSUs, ATMs, and ALMs are not branches for the
purposes of 12 U.S.C. 36). Under the proposed revisions to the OTS
regulation, ALMs would be electronic facilities subject to Subpart
B, and would not be branches.
---------------------------------------------------------------------------

When May I Sell the Electronic Capacities and By-Products That I Have
Acquired or Developed (Proposed Sec. 545.142)

    Under current Sec. 545.138, a savings association may engage in
limited data processing and data transmission services, sell by-
products incident to those services, and sell excess capacity. This
authority, however, is subject to significant constraints. For example,
under the current regulation, the authorized processing of data
generally encompasses a recordkeeping function, and does not include
making risk-based decisions through electronic means. Moreover, the
current OTS regulation limits the ability of a Federal savings
association to sell or market data processing and transmission
services, software, and excess capacity.
    Several commenters suggested that OTS should adopt a more flexible
data processing regulation. They urged OTS to permit the fullest
development and use of data processing technology. Commenters argued
that savings associations should not be restricted, relative to other
financial institutions, in providing new electronic services to
customers. Accordingly, many commenters suggested that OTS should

[[Page 51819]]

provide data processing authority for thrifts that is as expansive as
that for national banks. Several recommended that OTS use the
interpretations and regulations recently issued by the Office of the
Comptroller of the Currency (OCC) as a model for its regulation.
<SUP>5</SUP> Commenters argued that consistent regulations will
facilitate joint ventures between banks and thrifts and will further
the goal of ensuring uniformity of regulation under section 303 of the
Community Development and Regulatory Improvement Act. Only one
commenter, a data processing and software company, argued that OTS
should not encourage thrifts to expand their data processing operations
or software sales activities.
---------------------------------------------------------------------------

    \5\ See 12 CFR 7.1019 (1997). Under this OCC interpretation,
``(a) national bank may, in order to optimize the use of the bank's
resources, market and sell to third parties electronic capacities
acquired or developed by the bank in good faith for banking
purposes.''
---------------------------------------------------------------------------

    Proposed Sec. 545.142 is more permissive than the current data
processing services rule in that it provides that a Federal savings
association may market and sell electronic capacities and by-products
to third parties. The only condition imposed is that the thrift must
have acquired or developed these capacities and by-products in good
faith as part of providing financial services. This is substantially
identical to the condition imposed on national banks by the OCC.

How May I Participate With Others in the Use of Electronic Means and
Facilities? (Proposed Sec. 545.143)

    Proposed Sec. 545.143 would permit a savings association to
participate with others to perform, provide or deliver activities,
functions, products or services described in proposed Secs. 545.141 and
545.142. A Federal savings association may participate with an entity
that is not subject to examination by a Federal agency regulating
financial institutions only if that entity has agreed, in writing, to
permit OTS to examine its electronic means or facilities, to pay for
any related OTS examination fees, and to make all relevant records in
its possession, written or electronic, available to OTS for
examination.
    The provisions governing examination are not new requirements.
Current Sec. 545.138(f) provides that if a Federal savings association
participates with others to establish or maintain a data processing
office and the participating entity is not subject to examination by a
Federal agency regulating financial institutions, the entity must
agree, in writing, with OTS that it will permit and pay for the
examination. Current Sec. 545.141(f) also contains a similar
requirement where a Federal savings association shares an RSU with
another entity.
    If the participation by a Federal savings association is through a
service corporation, OTS' service corporation rules apply. See 12 CFR
559.4 (1997).

What Security Precautions Must I Take? (Proposed Sec. 545.144)

    In the ANPR, OTS asked whether it should mandate a specific level
of encryption with regard to certain electronic activities including
the Internet, or whether it should merely permit general safety and
soundness principles to govern electronic operations.
    Several commenters argued that security issues are manageable and
should be regulated only as a part of the safety and soundness
evaluation of each institution. Other commenters recommended specific
security procedures such as restricting the use of reusable passwords
as a means of authentication where the password would cross a network,
or specifying a particular type (or types) of encryption for Internet
transactions. One commenter suggested that all institutions should have
written policies and procedures to address firewall and data security
issues, and should regularly test to assure that violations are not
occurring.
    While OTS is extremely concerned that Federal savings associations
establish appropriate security measures when they engage in electronic
operations, the proposed rule does not codify static security
requirements. Electronic security standards are undergoing constant
revision and change.<SUP>6</SUP> OTS believes that it is impracticable
to prescribe the security measures for the indefinite future that every
thrift must implement when methods of electronic commerce and their
attendant security measures are continually evolving.
---------------------------------------------------------------------------

    \6\ For example, bit lengths used by the industry to
authenticate the identity of users has increased over the past few
years from 40 to 56 bits. Certain providers now use bit lengths in
excess of 100 bits.
---------------------------------------------------------------------------

    Instead, proposed Sec. 545.144 provides that a Federal savings
association should adopt standards and policies that are designed to
ensure secure operations. In addition, a Federal thrift must implement
security measures adequate to prevent unauthorized access to its
records and its customers' records, and to prevent financial fraud
through the use of electronic means or facilities.<SUP>7</SUP> OTS
expects Federal savings associations to establish security measures
that are consistent with current industry standards, and to continually
monitor and regularly update these security procedures to keep pace
with changes to industry standards. For example, the association should
maintain records documenting attempts to gain unauthorized access to
its data base.
---------------------------------------------------------------------------

    \7\ In certain cases, OTS has required (and may require in the
future on a case-by-case basis) specific security precautions. For
example, OTS has required applicants to provide assurances of
adequate security over the Internet, including adequate encryption
and independent testing. See OTS Order No. 95-88, Security First
Network Bank (May 8, 1995). In approving that application, OTS
required, among other things, the institution to perform independent
tests of the functionality and security of its operations before and
after initial implementation.
---------------------------------------------------------------------------

    In addition, a Federal savings association must comply with the
current security devices requirements of Part 568 if it provides an
automated teller machine, an automated loan machine, or other similar
electronic devices. These security requirements are based on current
Secs. 545.138(d) and 545.141(e).

IV. Emerging Technologies

    The ANPR asked for commenter input on how other regulations, such
as those implementing the CRA, might be affected as technology modifies
how and where depository institutions provide services. OTS asked
several specific questions relating to the application of the CRA to
electronic banking activities.
    Several commenters predicted that the current CRA requirements will
become increasingly problematic as institutions offer more loans over
the Internet. These commenters urged OTS to consult with the other
banking agencies and develop interagency CRA guidelines to address the
emerging technologies.<SUP>8</SUP> Other commenters urged the banking
agencies to defer the issuance of any new CRA guidance until regulators
and financial institutions gain more experience with electronic banking
services and the existing CRA regulations.
---------------------------------------------------------------------------

    \8\ These commenters suggested various alternative means for
satisfying CRA requirements. For example, commenters suggested that
the banking agencies should give CRA credit for loans made via
electronic means to low- or moderate-income borrowers who reside
outside the institution's service area.
---------------------------------------------------------------------------

    To avoid unnecessary compliance costs on the industry, OTS intends
to permit the new electronic technologies to develop within the
existing framework of law and regulation. This framework includes
consumer protection laws, such as the CRA regulations, the Electronic
Funds

[[Page 51820]]

Transfer Act (Regulation E), safety and soundness regulations, and
other applicable statutes and regulations. If additional consumer
protection or other regulatory responses are necessary to respond to
emerging technologies, OTS will take necessary steps in the future. To
the extent that the regulatory response will require interagency
action, OTS will coordinate its response with those of the other
Federal banking agencies.
    In the ANPR, OTS specifically requested comment on the appropriate
regulatory response to various emerging technologies including stored-
value cards. The term ``stored-value card'' covers a wide range of
products. In general, these cards store information and monetary value
electronically on a magnetic strip or computer chip, and can be used to
purchase goods and services. There are significant differences in how
various systems store monetary balances and transaction information,
and how they authorize transactions. OTS regulations are currently
silent on stored-value technology.<SUP>9</SUP>
---------------------------------------------------------------------------

    \9\ However, OTS has concluded that a Federal savings
association may market and sell one type of stored-value under the
incidental powers doctrine. See OTS Opinion Chief Counsel (August
21, 1996) (prepaid telephone cards).
---------------------------------------------------------------------------

    The ANPR also raised several questions regarding Internet banking
services. For example, OTS asked whether it should impose any
restrictions or requirements on banking over the Internet or whether it
should rely on general safety and soundness principles to govern a safe
system of operation. The current OTS regulations are also silent on
Internet operations.<SUP>10</SUP>
---------------------------------------------------------------------------

    \10\ OTS, however, approved the nation's first Internet bank in
1995. More recently, OTS issued an opinion that concluded that a
Federal savings association, through a service corporation or an
operating subsidiary, may offer its customers banking services via
an Internet connection to the savings association's home banking
system, and afford access to the Internet for non-banking purposes
to customers and others living in the savings association's service
area. See Letter Opinion Deputy Chief Counsel (April 14, 1997).
---------------------------------------------------------------------------

    Except for encryption and security issues that are discussed above,
commenters generally feared that premature regulation in this area
would stifle development, impose unnecessary compliance costs that
could deter investment by thrifts, and require extensive updating to
keep abreast of market changes. Commenters generally concluded that it
was neither necessary nor appropriate to establish new restrictions or
requirements on these operations until fundamental issues involving
these technologies are resolved.
    The increasing emergence of new technologies underscores the
importance of granting thrifts broad latitude to provide new services
through electronic means and facilities as these means and facilities
evolve. Rather than extensive regulation in these areas, OTS has chosen
to permit thrifts to perform any authorized function or to provide any
authorized product or service through electronic means or facilities
including stored-value cards, the Internet or other emerging electronic
technologies. As OTS gains additional experience with electronic
technology, it may issue more specific guidance regulating particular
elements of electronic operations. Until that time, a Federal savings
association's exercise of this authority remains subject to existing
safety and soundness requirements, consumer protection requirements,
commercial law, and other applicable requirements.

V. Request for Comments

    OTS invites comment on all aspects of the NPR. Commenters noted
that several trade associations have organized committees and task
forces to address electronic operations. OTS welcomes comment from
these committees.

VI. Executive Order 12866

    The Director of OTS has determined that this proposed rule does not
constitute a ``significant regulatory action'' for the purposes of
Executive Order 12866.

VII. Regulatory Flexibility Act Analysis

    Pursuant to section 605(b) of the Regulatory Flexibility Act, OTS
certifies that this proposed rule will not have a significant impact on
a substantial number of small entities. The proposal lowers regulatory
burdens on all savings associations, including small savings
associations.

VIII. Unfunded Mandates Act of 1995

    Section 202 of the Unfunded Mandates Reform Act of 1995, Public Law
104-4 (Unfunded Mandates Act), requires that an agency prepare a
budgetary impact statement before promulgating a rule that includes a
Federal mandate that may result in expenditure by state, local, and
tribal governments, in the aggregate, or by the private sector, of $100
million or more in any one year. If a budgetary impact statement is
required, section 205 of the Unfunded Mandates Act also requires an
agency to identify and consider a reasonable number of regulatory
alternatives before promulgating a rule. As discussed in the preamble,
this proposed rule reduces regulatory burden. OTS has determined that
the proposed rule will not result in expenditures by state, local, or
tribal governments or by the private sector of $100 million or more.
Accordingly, this rulemaking is not subject to section 202 of the
Unfunded Mandates Act.

List of Subjects in 12 CFR Part 545

    Accounting, Consumer protection, Credit, Electronic funds
transfers, Investments, Reporting and recordkeeping requirements,
Savings associations.

    Accordingly, the Office of Thrift Supervision hereby proposes to
amend part 545, chapter V, title 12, Code of Federal Regulations as set
forth below:

PART 545--OPERATIONS

    The authority citation for part 545 continue to read as follows:

    Authority: 12 U.S.C. 1462a, 1463, 1464, 1828.

    2. Existing Secs. 545.1 through 545.135 are designated as subpart A
and the subpart heading is added to read as follows:

Subpart A--Operations

* * * * *
    3. Section 545.92 is amended by revising paragraph (a) to read as
follows:

Sec. 545.92  Branch offices.

    (a) General. A branch office of a Federal savings association is
any office other than its home office, agency office, administrative
office, data processing office, or electronic facility under subpart B
of this part.
* * * * *

Secs. 545.138 through 545.142  [Removed]

    4. Sections 545.138 through 545.142 are removed.
    5. A new subpart B is added to part 545 to read as follows:

Subpart B--Electronic Operations

Sec. 545.140  What does this subpart do?
Sec. 545.141  How may I use electronic means and facilities?
Sec. 545.142  When may I sell electronic capacities and by-products
that I have acquired or developed?
Sec. 545.143  How may I participate with others in the use of
electronic means and facilities?
Sec. 545.144  What security precautions must I take?

Sec. 545.140  What does this subpart do?

    This subpart describes how a Federal savings association (``you'')
may provide products and services through electronic means and
facilities.

[[Page 51821]]

Sec. 545.141  How may I use electronic means and facilities?

    You may use electronic means or facilities to perform any
authorized function, or provide any authorized product or service.
Electronic means or facilities include, but are not limited to
automated teller machines, automated loan machines, personal computers,
the Internet, the World Wide Web, telephones, and other similar
electronic devices.

Sec. 545.142  When may I sell electronic capacities and by-products
that I have acquired or developed?

    You may market and sell electronic capacities and by-products to
third-parties if you acquired or developed these capacities and by-
products in good faith as part of providing financial services.

Sec. 545.143  How may I participate with others in the use of
electronic means and facilities?

    You may participate with others to perform, provide, or deliver
through electronic means and facilities any activity, function,
product, or service described under Secs. 545.141 and 545.142. If the
participating entity is not subject to examination by a Federal agency
regulating financial institutions, you may participate with that entity
only if it has agreed in writing with the OTS that it will:
    (a) Permit the examination of its electronic means or facilities,
as the OTS deems necessary;
    (b) Pay for any related OTS examination fees; and
    (c) Make all relevant records in its possession, written or
electronic, available to the OTS for examination.

Sec. 545.144  What security precautions must I take?

    If you use electronic means and facilities under this subpart, you
should adopt standards and policies that are designed to ensure secure
operations. You must implement security measures adequate to prevent:
    (a) Unauthorized access to your records and your customers'
records; and
    (b) Financial fraud through the use of electronic means or
facilities. If you provide an automated teller machine, an automated
loan machine, or other similar electronic devices, you must comply with
the security devices requirements of part 568 of this chapter.

    Dated: September 26, 1997.

    By the Office of Thrift Supervision.
Nicolas P. Retsinas,
Director.
[FR Doc. 97-26104 Filed 10-2-97; 8:45 am]
BILLING CODE 6720-01-P