Voglio sapere a riguardo di…

lotter on DSK11XQN23PROD with RULES2

50966

Federal Register / Vol. 86, No. 174 / Monday, September 13, 2021 / Rules and Regulations
include traditional gift giving events or gift between family and friends. CoBank supported the de minimis gift exception. Twelve commenters asked that the rule clarify gifts reported do not include de minimis gifts. FCB of Texas commented that the limitations on gifts is more restrictive than the current rule or past proposals as this rule does not tie gift restrictions to those intended to influence official actions. This commenter then stated that FCA offered no rationale for the more restrictive gift rules. FCB of Texas also identified inconsistencies with this provision as compared to the proposed reporting provisions which allow exceptions for de minimis gifts. FCB of Texas suggested that to resolve this, at a minimum, the rule should replace the word prohibiting with the words governing permissible gifts. FCB of Texas also suggested allowing specific exceptions for reasonable business expenses like those outlined in the FDICs Guidelines for Compliance with the Federal Bank Bribery Laws.15
The final rule clarifies that the required policies and procedures on gifts address those gifts not otherwise prohibited by FCA regulation. As requested by commenters, the final rule alters proposed language on the contents of these policies and procedures to provide that institutions may make appropriate exceptions for gift giving related to non-business events as long as gift exchanges would not be viewed as an attempt to influence official institution activities. While commenters suggested various changes and specific exceptions on gifts, in keeping with the principals-based approach of this rulemaking the final rule does not adopt those detailed suggestions nor do we include a de minimis level. Instead, the rule leaves it to the institution to set specific gift parameters. The final rule also clarifies that authorized gift exchanges must have de minimis thresholds at both the individual gift level and in the annual aggregate, per recipient.
We do not believe the restrictions on gifts are more restrictive. The principles-based approach to the regulations allows the institutions to set criteria for accepting gifts and includes an exception for non-business events where the gift is not viewed by the institution as attempting to influence official institution business. We encourage institutions to have internal 15 Federal Deposit Insurance Corporation, FDIC
Law, Regulations, Related Acts. 5000Statements of Policy, Guidelines for Compliance With the Federal Bank Bribery Law, Nov. 10, 1987, https
www.fdic.gov/regulations/laws/rules/50002300.htmlfdic5000guidelinesfc.

VerDate Sep<11>2014

19:08 Sep 10, 2021

Jkt 253001

controls or policies to ensure adequate de minimis levels are set and followed.
The final rule retains the proposed requirement that the policies and procedures establish disclosure requirements for gifts received as well as any disposed of because they were impermissible. In response to other changes, this provision is renumbered as 612.2137d5.
vi SOC Program Enforcement.
612.2137d6
Proposed paragraphs d4 and 5
would require SOC program policies and procedures to discuss how the SOC
program is monitored and enforced. We received no substantive comments on this area, but there were related comments asking us to clarify the role of the SOCO in enforcement actions. We finalize the rule in this area substantially as proposed but make some changes to improve readability and clarity, including consolidating the provisions into renumbered paragraph d6. As requested by commenters, we also specifically require the policies and procedures identify who is authorized to take enforcement actions and discuss the SOCO role in investigating certain conduct issues.
vii Anonymous Reporting.
612.2137d7
The proposed rule would require internal controls for anonymous reporting of suspected standards of conduct and Code of Ethics violations through a hotline or other reporting procedure. FCB of Texas suggested adding language to clarify that reporting is for any individual action. CoBank stated that this provision appears to codify the Whistleblower Program that is already in place for reporting financial improprieties and used for other types of anonymous reporting and thus the new provision should be eliminated. We finalize the rule substantially as proposed but add reference to individuals making a report and make small changes to improve readability. We feel that providing an avenue to anonymously report both known and suspected violations is an important part of a Standards of Conduct Program and believe it should be included within SOC program policies and procedures even when there is Whistleblower Program in place. We also add that nothing in the rule prevents institutions from adapting existing Whistleblower or Hotline programs for SOC program purposes. In response to other changes, this provision is renumbered as 612.2137d7.

PO 00000

Frm 00012

Fmt 4701

Sfmt 4700

3d. Internal Controls for SOC Program.
612.2137e Proposed 612.2137e would require each System institution to arrange periodic internal audits of the Standards of Conduct Program to identity weaknesses, measure effectiveness, and conduct reviews to prescribe necessary corrective actions. Two commenters said the program as written would be costly to implement especially for those associations who do not have an internal audit department. The commenters asked that the word internal be removed to allow for outsourcing the service. One commenter also asked if FCA was requiring each institution to establish a new department of internal SOC audits.
Another commenter asked us to explain how the provision would be applied at unincorporated business entities UBE
of a System institution.
We finalize the rule in this area substantially as proposed but, as discussed earlier, moved some provisions to other paragraphs. We also add a heading to the paragraph in keeping with the overall format of the rule. We make some clarifying changes considered necessary based on comments received and to improve readability. The final rule clarifies that the institutions board of directors establishes the internal controls program but does so with the assistance of the SOCO and other officers of the institution. However, the board ultimately decides the scope of the internal review and identifies who will conduct the audit. Also, the final rule clarifies that all audit results of the SOC
program go directly to the board. A
commenter asked about the proposed rules reference to UBEs so the final rule adds reference to FCA regulations in 611.1150b.
The final rules requirement for an internal audit of the SOC program refers to an audit of the internal operations of the program. It does not limit the persons who perform the audit.
System institutions are not required to establish an internal audit department.
While we recognize there could be some additional costs involved, the audit could be a component of the institutions risk assessment process as established by the Audit Committee and conducted by a person or entity independent of the Standards of Conduct Program. The board is responsible for identifying who will conduct the internal audit, which is important to ensure the program is being managed effectively. We believe that to ensure a strong ethical culture, ethical conduct must be encouraged
E:FRFM13SER2.SGM

13SER2