[Federal Register Volume 67, Number 96 (Friday, May 17, 2002)]
[Rules and Regulations]
[Pages 34992-35006]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 02-12333]
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
12 CFR Part 7
[Docket No. 02-07]
RIN 1557-AB76
Electronic Activities
AGENCY: Office of the Comptroller of the Currency, Treasury.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Office of the Comptroller of the Currency (OCC) is
amending its regulations in order to facilitate national banks' ability
to conduct business using electronic technologies, consistent with
safety and soundness. This final rule groups together new and revised
regulations addressing: national banks' exercise of their Federally
authorized powers through electronic means; the location, for purposes
of the Federal banking laws, of a national bank that engages in
activities through electronic means; and the disclosures required when
a national bank provides its customers with access to other service
providers through hyperlinks in the bank's website or other shared
electronic ``space.''
EFFECTIVE DATE: Section 7.5010 shall take effect on July 1, 2002. All
other sections of this final rule shall take effect on June 17, 2002.
FOR FURTHER INFORMATION CONTACT: Heidi M. Thomas, Special Counsel,
Legislative and Regulatory Activities, (202) 874-5090; James Gillespie,
Assistant Chief Counsel, (202) 874-5200; or Clifford Wilke, Director,
Bank Technology, (202) 874-5920.
SUPPLEMENTARY INFORMATION: On July 2, 2001, the OCC published a notice
of proposed rulemaking (NPRM) in the Federal Register requesting
comments on a proposal to update our regulations to reflect national
banks' use of new technologies and to provide simpler, clearer guidance
to national banks engaging in electronic activities.\1\ The proposal
codified several positions that the OCC has taken previously in
published interpretive letters to national banks. The proposal also
created a new subpart E to part 7 of the OCC's regulations to house
these and other OCC provisions related to the conduct of national bank
activities through electronic means.\2\
---------------------------------------------------------------------------
\1\66 FR 34855 (July 2, 2001).
\2\The OCC notes that it has established a website that contains
information relating to electronic banking activities. See http://www.occ.treas.gov/netbank/netbank.htm. This site includes a listing
of opinions, approval letters, supervisory guidance, and other
issuances on this subject and provides links to many of the
documents listed in this preamble.
---------------------------------------------------------------------------
Our proposal was the result of a focused review of our regulations
with the goal of revising them in ways that would facilitate national
banks' use of technology, consistent with safety and soundness. We
initiated this review by publishing an advance notice of proposed
rulemaking (ANPR).\3\ We developed the proposed rule, in large part, on
the comments received on this ANPR.
---------------------------------------------------------------------------
\3\65 FR 4895 (Feb. 2, 2000).
---------------------------------------------------------------------------
Description of Proposal, Comments Received, and Final Rule
The OCC received 22 comment letters on the proposal.\4\ These
comments include 10 from national banks, bank subsidiaries, and bank
holding companies; 5 from financial services trade associations; 4 from
credit card banks or lenders; 1 from a State regulatory group; and 2
from other interested parties. The majority of commenters supported
adoption of an electronic banking regulation in the form we proposed.
---------------------------------------------------------------------------
\4\The OCC received four other letters commenting on a study of
banking regulations regarding the online delivery of financial
services conducted by the Federal banking agencies pursuant to
section 729 of the Gramm-Leach-Bliley Act, Pub. L. 106-102, 113
Stat. 1338, 1476 (Nov. 12, 1999) (``GLBA''), codified at 12 U.S.C.
4801.
---------------------------------------------------------------------------
Some commenters, however, suggested modifications or articulated
concerns with certain aspects of this proposal. In light of these
comments, we have modified certain provisions of the proposed rule. The
most significant comments, and our responses, are discussed in the
following section-by-section analysis. As in the preamble to the
proposal, this section-by-section description is divided into three
categories: national bank powers; ``location'' with respect to the
conduct of electronic activities; and, safety and soundness
requirements for shared electronic ``space.''
A. National Bank Powers
1. National Bank Finder Authority (Revised Sec. 7.1002)
As we described in the proposal, the OCC has long permitted a
national bank to act as a finder to bring together buyers and sellers
of financial and non-financial products and services. Under our current
rules, a national bank acting as a finder may identify potential
parties, make inquiries as to interest, introduce or arrange meetings
of interested parties, and otherwise bring parties together for a
transaction that the parties themselves negotiate and consummate.\5\
Recently, national banks have used the finder authority to engage in
new activities made possible by technological developments, especially
the Internet.\6\
---------------------------------------------------------------------------
\5\See 12 CFR 7.1002.
\6\See OCC Conditional Approval No. 369 (Feb. 25, 2000)
(national bank may host a virtual mall consisting of a web page with
links to third-party merchants arranged according to product or
service offered; OCC Interpretive Letter No. 875, reprinted in
[Current Transfer Binder] Fed. Banking L. Rep. (CCH) para. 81-369
(Oct. 31, 1999) (the components of Internet services package that
involve hosting of commercial web sites, registering merchants with
search engines and obtaining URLs, and electronic storage and
retrieval of the data set for a merchant's on-line catalog are
permissible finders activities authorized for national banks
pursuant to 12 U.S.C. 24(Seventh)); OCC Conditional Approval No. 221
(Dec. 4, 1996) (national banks, in the exercise of their finder
authority, may establish hyperlinks between their home pages and the
Internet pages of third-party providers so that bank customers will
be able to access those non-bank web sites from the bank site);
Letter from Julie L. Williams, Chief Counsel (Oct. 2, 1996)
(unpublished) (national bank as finder may use electronic means to
facilitate contacts between third-party providers and potential
buyers); OCC Interpretive Letter No. 611, reprinted in [1992-1993
Transfer Binder] Fed. Banking L. Rep. (CCH) para. 83,449 (Nov. 23,
1992) (national bank linking non-bank service providers to its
communications platform of smart phone banking services is within
its authority as a finder ``in bringing together a buyer and
seller;'' national banks may act as finders by providing to their
customers links to non-banking, third-party vendors' Internet web
sites); OCC Interpretive Letter No. 516, reprinted in [1990-1991
Transfer Binder] Fed. Banking L. Rep. (CCH) para. 83,220 (July 12,
1990) (national banks as finder may provide electronic
communications channels for persons participating in securities
transactions).
---------------------------------------------------------------------------
[[Page 34993]]
Section 7.1002 of the OCC's rules addresses national banks' finder
authority. The proposal sought comment on several changes to that
provision. First, the proposal stated that it is part of the business
of banking for a national bank to engage in finder activities,
codifying the position the OCC has taken in various interpretive
letters.\7\
---------------------------------------------------------------------------
\7\See, e.g., OCC Interpretive Letter No. 824, reprinted in
[1997-1998 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 81,273
(Feb. 27, 1998) (determining, in the context of insurance
activities, that the ``finder function is an activity authorized for
national banks under 12 U.S.C. 24(Seventh) as part of the business
of banking.''). The OCC makes this determination pursuant to its
authority under section 24(Seventh) to authorize activities as part
of the business of banking. NationsBank of North Carolina v.
Variable Annuity Life Insurance Co., 513 U.S. 251, 258 n.2 (1995)
(VALIC) (``We expressly hold that the ``business of banking'' is not
limited to the enumerated powers in [section] 24 Seventh and that
the Comptroller therefore has discretion to authorize activities
beyond those specifically enumerated.''). In VALIC, the Court noted
that the Comptroller's exercise of discretion is subject to a
reasonableness standard. Id. It is clear that our determination that
finder activities are part of the business of banking satisfies this
standard. See Norwest Bank Minnesota, N.A. v. Sween Corp., 118 F.3d
1255, 1260 (8th Cir. 1997) (determining that finder activities were
authorized for a national bank because ``allowing banks to use their
expertise as an intermediary effectuating transactions between
parties facilitates the flow of money and credit through the
economy.''). The Sween court did not distinguish between activities
that are ``part of'' the business of banking and those that are
``incidental to'' that business, relying, instead, on the pre-VALIC
formulation of the analysis as whether an activity is ``closely
related to an express power and is useful in carrying out the
business of banking.'' Id. at 1260 (quoting First Nat. Bank of
Eastern Arkansas v. Taylor, 907 F.2d 775, 778 (8th Cir. 1990)). The
court's conclusions are nonetheless clear that finder activities are
authorized pursuant to 12 U.S.C. 24(Seventh) and that the
Comptroller's determination to that effect, embodied in the OCC's
regulations, was a reasonable construction of the statute.
---------------------------------------------------------------------------
Second, the proposal added a number of specific examples
illustrating the range of finder activities the OCC has authorized to
date. The preamble to the proposal made clear that this list was
illustrative and not exclusive, and that the OCC may find new
activities to be authorized under the finder authority that are not
specifically enumerated in the regulation.
Finally, the proposed rule modified the statement in the current
rule that the authority to act as a finder does not enable a national
bank to engage in activities that would characterize the bank as a
broker under Federal law that are not otherwise permissible for
national banks.\8\ We proposed this modification because the concept of
what constitutes acting as a broker is changing in response to
technology and is expanding for purposes of some regulatory
requirements that are unrelated to the authority of national banks to
conduct the activity.\9\ As we said in the proposal, however, this
modification does not affect whether activities regulated as brokerage
under State law are permissible for a national bank.
---------------------------------------------------------------------------
\8\The prior rule contained the express statement that acting as
a finder does not include activities that would characterize the
bank as a broker under applicable Federal law.
\9\See, e.g., ``SEC Redefines What Triggers B/D Registration,''
VII Compliance Rep. 1 (Apr. 10, 2000); and ``On-line Brokerage:
Keeping Apace of Cyberspace,'' Report of Laura S. Unger,
Commissioner, U.S. Securities and Exchange Commission 98-106 (Nov.
1999).
---------------------------------------------------------------------------
We received a number of comments on proposed Sec. 7.1002. Some of
these comments urged the OCC to include additional activities in the
illustrative list of those permissible for a national bank acting as
finder. For example, one commenter requested that the OCC authorize
national banks, acting as finders, to participate in negotiations,
negotiate on behalf of parties to a transaction, and bind parties to a
transaction so long as the bank itself is not a party and obligated as
a principal. Another commenter requested that the OCC endorse a broad
role of banks as electronic agents.
After carefully reviewing these comments, we have declined to make
changes to the extent suggested.\10\ Rather, we will consider these,
and similar expanded types of finder activities, on a case-by-case
basis for the time being.
---------------------------------------------------------------------------
\10\We note, however, a bank may accept an offer without first
communicating the offer to the actual party to the transaction if
that party has given direction to the bank to accept offers that
meet pre-determined criteria. In that case, the bank is
communicating offers and acceptances because it has been directed to
make an acceptance by its client.
---------------------------------------------------------------------------
We have, however, modified the proposal to clarify certain other
aspects of the finder authority that do not cause a national bank to be
a participant in the transaction. Thus, the final rule provides that a
national bank may act as an intermediary between interested parties and
establish rules of general applicability governing the use and
operation of the finder service.
In response to a commenter's suggestion, we have also changed the
reference ``buyers and sellers'' in Sec. 7.1002 to ``interested parties
to a transaction'' so that the rule recognizes that national banks can
bring together different types of parties to a transaction in addition
to buyers and sellers. This commenter noted in particular that in the
Internet environment, there may be many parties to a transaction beyond
the buyer and seller, such as service providers, consultants, software
developers, and regulatory authorities. We agree with this observation.
We also note that the definition of buyers and sellers includes
analogous parties, such as lessors and lessees. In addition, as the
scope of permissible finder activities is not dependent on the nature
of goods or services sold, national banks can act as finder with
respect to non-financial products and services.\11\ We also have
removed the word ``service'' in Sec. 7.1002 to clarify that national
banks acting as a finder may make communications concerning a third
party's provision of both products and services.
---------------------------------------------------------------------------
\11\See OCC Corporate Decision No. 97-60 (July 1, 1997).
---------------------------------------------------------------------------
The preamble to the proposed rule stated that the examples of
permissible national bank finder activities were illustrative and not
exclusive, and that the OCC may find new activities to be authorized
under the finder authority that are not included in the examples. A
number of commenters requested that we amend the regulatory text itself
to state that these examples are not exhaustive. We agree that making
this statement in the text of the regulation itself will remove any
ambiguity on this point. Therefore, the final rule includes language
indicating that permissible finder activities are not limited to those
listed as examples in the regulation.
2. Electronic Banking B--Scope (new Subpart E and Sec. 7.5000)
The proposal created a new Subpart E of part 7, so that regulations
pertaining to electronic activities would appear in one place. Proposed
Sec. 7.5000 described the purpose of Subpart E, which addresses
national banks' use of electronic technology to deliver products and
services, consistent with safety and soundness. To more accurately
reflect the content of this section, we have changed the title of
Sec. 7.5000 in the final rule from ``Scope'' to ``Purpose of subpart
E.''
The majority of commenters supported the creation of a new,
separate subpart for electronic banking-related provisions. Although
one commenter suggested a regrouping of the provisions in new subpart
E, we believe that the organization of the subpart as proposed presents
the subject
[[Page 34994]]
matter clearly and concisely. Therefore, we have not altered the
arrangement of new Subpart E in the final rule.
3. Electronic Banking Activities That Are Part of, or Incidental to,
the Business of Banking (Sec. 7.5001)
In response to new technologies and evolving financial markets,
national banks are continually developing new electronically-based
activities and products. Proposed Sec. 7.5001 was designed to assist
banks that are contemplating these new electronic activities and
products by identifying the factors the OCC uses to determine whether
such an activity or product is part of, or incidental to, the business
of banking, pursuant to 12 U.S.C. 24(Seventh).
In general, commenters supported the approach taken by this
section. However, a few commenters noted specific issues with the
section as drafted. These issues are discussed below.
Purpose. Proposed Sec. 7.5001(a) provided the purpose of the new
section and described the general parameters of national banks' ability
to engage in electronic activities.\12\ It expressly set out the OCC's
authority to impose conditions on the exercise of newly authorized
activities if necessary to ensure that the activities are conducted
safely and soundly and in accordance with applicable law and
supervisory policies. We received no comments on this portion of
proposed Sec. 7.5001(a), and therefore have adopted it, with changes to
improve clarity.
---------------------------------------------------------------------------
\12\Paragraph (a) of Sec. 7.5001 of the proposed rule has been
recodified as paragraphs (a) and (b) of Sec. 7.5001 in the final
rule.
---------------------------------------------------------------------------
Proposed Sec. 7.5001(a) also stated that State law applies to a
national bank's conduct of electronic activities to the extent such law
would apply if the activity were conducted by the bank through
traditional means. A few commenters suggested modifications to this
statement. However, because Sec. 7.5002 of the proposed rule contains
the same applicability of State law provision, we have deleted this
provision in Sec. 7.5001 as redundant and unnecessary. These comments,
therefore, are described in the discussion of Sec. 7.5002, below.
Activities that are part of the business of banking. Proposed
Sec. 7.5001(b) provided that an electronic activity is authorized for
national banks as part of the business of banking if the activity is
permitted under 12 U.S.C. 24(Seventh) or other statutory authority
applicable to national banks, or otherwise constitutes part of the
business of banking. The proposal set forth four factors the OCC
considers in determining whether an electronic activity is part of the
business of banking.\13\
---------------------------------------------------------------------------
\13\The final rule recodifies these factors as
Sec. 7.5001(c)(1).
---------------------------------------------------------------------------
The first factor is whether the electronic activity is functionally
equivalent to, or a logical outgrowth of, a recognized banking
activity. As indicated in the preamble to the proposed rule, this
factor is based on judicial precedents approving activities that
traditionally have been performed by banks, that are functionally
similar to recognized banking activities, or that represent advances in
recognized banking practices.\14\ We received no comments objecting to,
or requesting modifications of, this factor. Therefore, we are adopting
this factor as proposed.
---------------------------------------------------------------------------
\14\See, e.g., M & M Leasing Corp. v. Seattle First Nat'l Bank,
563 F.2d 1377 (9th Cir. 1977), cert. denied, 436 U.S. 956 (1978)
(national bank leasing of personal property permissible because it
was functionally interchangeable with loaning money on personal
security and therefore incidental to the express power of loaning
money on personal security); and VALIC, 513 U.S. at 259-60 (national
bank annuity sales are permissible because they are functionally
similar to other financial investment products banks have long been
authorized to sell).
---------------------------------------------------------------------------
The second factor in proposed Sec. 7.5001(b) is whether the
proposed activity strengthens the bank by benefiting its customers or
its business. Courts have long recognized that national banks' ability
to serve the needs of their customers by offering appropriate products
and services is crucial to their capability to compete successfully.
Courts have also approved many activities on the basis that they
benefit a bank's customers or the bank's business itself.\15\ Examples
of the types of activities the OCC would look to include those where
the activity increases service, convenience, or options for bank
customers or lowers the cost to banks of providing a product or
service. We also received no comments objecting to, or requesting
modifications of, this factor. The final rule therefore adopts this
factor as proposed.
---------------------------------------------------------------------------
\15\See Merchants' Bank v. State Bank, 77 U.S. (10 Wall.) 604,
648 (1870) (``The practice of certifying checks has grown out of the
business needs of the country.''). See also Clement National Bank v.
Vermont, 231 U.S. 120, 140 (1913) (``the bank should be free to make
* * * reasonable [depositors'] agreements, and thus promote the
convenience of its business. * * *'').
---------------------------------------------------------------------------
The third factor in proposed Sec. 7.5001(b) is whether the activity
presents the types of risk that banks are experienced in managing. One
commenter requested that the OCC change this factor instead to whether
the activity ``involves risk that can be sufficiently assessed and
managed by the bank.'' This suggested modification appears
substantially identical to the proposal in practical effect. Since we
have utilized the proposed factor--whether the activity presents the
types of risks that banks are experienced in managing--in interpretive
letters issued prior to this proposal,\16\ we have decided to adopt the
third factor as proposed.
---------------------------------------------------------------------------
\16\See Merchants' Bank, 77 U.S. at 648 (``A bank incurs no
greater risk in certifying a check than in giving a certificate of
deposit.''); M & M Leasing, 563 F.2d at 1383 (leasing personal
property functionally equivalent to secured lending because the
risks to the bank of such leasing were essentially the same as if
the bank had made secured loans to buyers of the same property). See
also Decision of the Comptroller of the Currency on the Operating
Subsidiary Application by Zions First National Bank, Salt Lake City,
Utah, OCC Conditional Approval No. 267, reprinted in [1997-1998
Transfer Binder] Fed. Banking L. Rep. (CCH) para. 81,256 (Jan. 12,
1998) at 13 (acting as a certification authority involves core
competencies of national banks and thus entails risks similar to
those that banks are already expert in handling).
---------------------------------------------------------------------------
Finally, the fourth proposed factor recognized the relevance of
State law in the analysis the OCC conducts when it receives requests
regarding the permissibility of new electronic activities for national
banks. Since the statutory reference to the ``business of banking''
does not imply that there are two distinct businesses of banking--one
for Federally-chartered and another for State-chartered banks--
activities that are recognized as permissible for State banks are at
least a relevant factor in determining whether an electronic activity
is part of the business of banking.\17\ We received no comments or
requests for modification on this factor. The final rule clarifies that
the activities encompassed by this factor include activities authorized
for a State-chartered bank expressly by State law or otherwise.
---------------------------------------------------------------------------
\17\The U.S. Supreme Court has relied upon the permissibility of
an activity for State banks as a factor in the analysis of
permissible national bank powers. See Colorado Nat'l Bank v.
Bedford, 310 U.S. 41 (1940), in which the Court, concluding that
national banks had the authority to conduct a safe-deposit business,
stated that ``State banks, quite usually, are given the power to
conduct a safe-deposit business. We agree with the appellant bank
that such a generally adopted method of safeguarding valuables must
be considered a banking function authorized by Congress.'' Id. at
49-50.
---------------------------------------------------------------------------
The preamble to the proposed rule stated that a proposed activity
does not necessarily have to satisfy all of these four factors in order
to be permissible. One or more of these factors may be sufficient,
depending on the specific facts and circumstances presented. One
commenter requested that, in addition to the preamble, the regulatory
text include the statement that an activity does not need to meet all
of the listed factors to be permissible. In response,
[[Page 34995]]
we have added a statement explaining that the weight given a particular
factor depends on the facts and circumstances.
Finally, we have modified the first sentence of proposed
Sec. 7.5001(b) by deleting the phrase ``or is otherwise part of the
business of banking.'' That phrase is unnecessary in light of the
statement elsewhere in this subsection that an activity is authorized
for national banks as part of the business of banking if the activity
is described in section 24 (Seventh).
Electronic activities that are incidental to the business of
banking. Consistent with judicial precedent,\18\ proposed
Sec. 7.5001(c) provided that an activity is incidental to the business
of banking if it is convenient or useful to an activity that is
specifically authorized for national banks or to an activity that is
otherwise part of the business of banking. Relying on these same
precedents, proposed Sec. 7.5001(c) distilled and set forth in two
factors the elements the OCC considers in determining whether an
activity is convenient or useful to the business of banking.\19\
---------------------------------------------------------------------------
\18\See Arnold Tours, Inc. v. Camp, 472 F.2d 427, 432 (1st Cir.
1972), which held that a national bank's activity is authorized as
an incidental power if ``it is convenient or useful in connection
with the performance of one of the bank's established activities
pursuant to [the five] express powers'' enumerated in 12 U.S.C.
24(Seventh); Franklin Nat. Bank v. New York, 347 U.S. 373 (1954);
Wyman v. Wallace, 201 U.S. 230 (1906); and First Nat'l Bank of
Charlotte v. National Exch. Bank of Baltimore, 92 U.S. 122 (1875).
\19\The final rule recodifies these factors as
Sec. 7.5001(d)(1).
---------------------------------------------------------------------------
The first factor is whether the activity facilitates the production
or delivery of a bank's products or services, enhances the bank's
ability to sell or market its products or services, or improves the
effectiveness or efficiency of the bank's operations in light of risks
presented, innovations, strategies, techniques, and new technologies
for producing financial products and services. In applying this factor,
the OCC has determined that the provision of certain electronic
products and services is permissible, as incidental to the business of
banking, when needed to package successfully or promote other banking
services.\20\ We also have recognized a category of incidental
activities based on the operation of the bank itself as a business
concern. Banking activities that fall in this category may include
hiring employees, issuing stock to raise capital, owning or renting
equipment, borrowing money for operations, purchasing the assets and
assuming the liabilities of other financial institutions, and operating
through optimal corporate structures, such as subsidiary corporations
or joint ventures. Various Federal statutes have implicitly recognized
national banks' authority to perform the activities necessary to
conduct their business.\21\ In each case, the statutes presume the
existence of corporate power to conduct the bank's business under 12
U.S.C. 24(Seventh).
---------------------------------------------------------------------------
\20\See OCC Interpretive Letter No. 754, reprinted in [1996-97
Transfer Binder] Fed. Banking L. Rep. (CCH) para. 81-118 (Nov. 6,
1996) (national bank operating subsidiary may sell general purpose
computer hardware to other financial institutions as part of larger
product or service when necessary, convenient, or useful to bank
permissible activities).
\21\For example, Federal laws refer to limits on persons who can
serve as bank employees, to the permissible disposition of bank
stock, and to the existence of bank subsidiaries. See, e.g., 12
U.S.C. 78 (defining persons ineligible to be bank employees); 12
U.S.C. 83 (limiting national bank's purchase of its own stock); 12
U.S.C. 24(Seventh) (limiting presupposed authority of national bank
to own a subsidiary engaged in the safe deposit business; 12 U.S.C.
371d (1994) (defining ``affiliates'' to include subsidiaries owned
by national banks); GLBA section 121 (defining ``financial
subsidiary'' as a subsidiary ``other than'' a subsidiary that
conducts bank-permissible activities under the same terms and
conditions that apply to the parent bank or a subsidiary expressly
authorized by Federal statute).
---------------------------------------------------------------------------
We noted in the preamble to the proposed rule that the authority of
banks to deliver and sell products and services or improve the
effectiveness of their operations must be viewed in light of
innovations, strategies, techniques and new technologies for marketing
financial products and services. These grants of power must be given a
broad and flexible interpretation to allow national banks to utilize
modern methods and meet modern needs.\22\ The proposal noted that
market and technological changes that will affect the banking industry
will shape the OCC's future determinations of whether an activity is
incidental to the business of banking.
---------------------------------------------------------------------------
\22\In VALIC, the Supreme Court recognized that the concepts of
the ``business of banking'' and of activities ``incidental'' to that
business must be sufficiently flexible to accommodate the constant
evolution of banking services. See VALIC, 513 U.S. at 259-260. See
also M & M Leasing, 563 F.2d at 1382 (noting that ``commentators
uniformly have recognized that the National Bank Act did not freeze
the practices of national banks in their nineteenth century forms. *
* * [W]e believe the powers of national banks must be construed so
as to permit the use of new ways of conducting the very old business
of banking.'').
---------------------------------------------------------------------------
The second factor listed in proposed Sec. 7.5001(c) is whether the
activity enables the bank to profitably use capacity acquired for its
banking operations or otherwise avoid economic waste or loss. For
example, it is well settled that a nonbanking activity can be
incidental when it enables a bank to realize gain or avoid loss from
activities that are part of, or necessary to, its banking business.
Federal statutes and case law also recognize national banks' need to
optimize the value of bank property by authorizing banks to sell excess
space or capacity in that property.\23\ Section 7.5004, which pertains
to excess capacity, is a specific application of this general principle
in the electronic context.
---------------------------------------------------------------------------
\23\See 12 U.S.C. 24 (Seventh) and 29; Perth Amboy National Bank
v. Brodsky, 207 F. Supp. 785, 788 (S.D.N.Y. 1962) (``It is clear
beyond cavil that the statute [12 U.S.C. 29] permits a national bank
to lease or construct a building, in good faith, for banking
purposes, even though it intends to occupy only a part thereof and
to rent out a large part of the building to others.'').
---------------------------------------------------------------------------
We received no specific comments on these factors and have
therefore retained them both in the final rule. We have, however,
modified the second factor by removing the word ``profitably'' to
conform this factor to the excess capacity doctrine set forth in
Sec. 7.5004.
As with determinations regarding whether an activity is part of the
business of banking, specific facts may implicate one or both of these
factors, and the activity need not satisfy each factor to be
permissible as incidental to that business. At the request of a
commenter, the OCC has added a clarification of this point, in
Sec. 7.5001(d)(2) of the final rule.
Two commenters discussed the effect of this new Sec. 7.5001 on the
application process the OCC uses to determine whether national banks
and their operating subsidiaries may engage in new activities, set
forth in 12 CFR part 5. One commenter requested more specificity on the
use of the factors relevant to determining whether an activity is
incidental to banking and asked that the OCC clarify whether it expects
banks to include these factors in applications to offer new electronic
services. This commenter also asked whether the OCC intends to alter or
streamline this application process in light of the factors listed in
Sec. 7.5001.
We do not believe that substantive changes to the application
process in part 5 are necessary at this time based on this codification
of the factors the OCC examines when determining whether an activity is
authorized pursuant to 12 U.S.C. 24(Seventh). These factors are derived
from OCC opinion letters, which explain them in sufficient detail that
additional guidance is not needed in the rule. A bank that wishes us to
consider whether a proposed activity is permissible pursuant to 12
U.S.C. 24(Seventh) should describe in its filing how its proposed
activity meets one or more of these factors. If it subsequently appears
that technical changes to the application
[[Page 34996]]
or notice process are desirable, we will initiate a separate rulemaking
proposing those changes.
Another commenter suggested that the OCC establish an ``optional,
expedited notice procedure for new activities as a way of enabling
banks to bring products to market quickly within the umbrella of OCC
deference.'' We believe, however, that the OCC's current processes are
sufficiently flexible to allow national banks to offer new electronic
products and services expeditiously, consistent with safety and
soundness considerations. In general, national banks are not required
to notify or obtain OCC approval to engage in permissible activities
within the bank. In addition, national banks may already offer many
permissible electronic products or services through an operating or
financial subsidiary without filing a notice or application with the
OCC. (For new activities to be performed in an operating or financial
subsidiary, the after-the-fact notice or application provisions of 12
CFR part 5 apply.) As indicated in the discussion above, the factors
set forth in Sec. 7.5001 will assist banks in their determination as to
whether a new activity is permissible. A bank that is uncertain about
the permissibility of a new activity may request an interpretive
opinion from the OCC.
4. Furnishing of Products or Services by Electronic Means and
Facilities (Sec. 7.5002)
The OCC's rules currently provide that a national bank may perform,
provide, or deliver through electronic means and facilities any
function, product, or service that it is otherwise authorized to
perform, provide or deliver.\24\ This so-called ``transparency
doctrine'' is a key provision for national banks engaging in electronic
activities because it calls for the OCC to look through the means by
which the product is delivered and focus instead on the authority of
the national bank to offer the underlying product or service.
---------------------------------------------------------------------------
\24\See 12 CFR 7.1019.
---------------------------------------------------------------------------
We have relied on this transparency doctrine to approve a number of
technology-based activities, such as web site hosting and the operation
of a ``virtual mall,'' that are otherwise permissible under a national
bank's finder authority. Similarly, we have approved electronic bill
presentment activities because billing and collecting services are
permissible for national banks.\25\
---------------------------------------------------------------------------
\25\See OCC Conditional Approval No. 369 (Feb. 25, 2000)
(national bank may host a virtual mall consisting of a web page with
links to third-party merchants arranged according to product or
service offered); OCC Conditional Approval No. 304 (Mar. 5, 1999)
(electronic bill presentment is part of the business of banking).
See also OCC Conditional Approval No. 220 (Dec. 2, 1996) (the
creation, sale, and redemption of electronic stored value in
exchange for dollars is part of the business of banking because it
is the electronic equivalent of issuing circulating notes or other
paper-based payment devices like travelers checks); OCC Conditional
Approval No. 267, supra note 16 (a national bank may store
electronic encryption keys as an expression of the established
safekeeping function of banks).
---------------------------------------------------------------------------
The proposal moved the transparency rule to Sec. 7.5002 of new
subpart E and expanded it to include examples of activities the OCC has
found to be permissible. These changes were proposed in order to
provide clearer guidance to national banks that wish to engage in new
electronic activities.
One commenter requested that we clarify that these examples in
Sec. 7.5001 are not exclusive, and that we would consider the
authorization of new activities under the transparency doctrine that
may not be illustrated through the examples provided. The commenter's
suggestion is consistent with the purpose of the provision, and the
final rule clarifies that these examples are illustrative, not
exclusive.
Other commenters requested that we expand the list of examples in
the text of Sec. 7.5002 to include other specific activities. One
suggested that this list include the provision of communications
services relating to all aspects of transactions between buyers and
sellers. This facilitation of communication between interested parties
is an inherent part of a bank's finder activities, and therefore may be
conducted electronically.\26\ We have therefore amended the regulatory
text to include this activity in the list of examples of permissible
electronic activities based on the transparency doctrine.
---------------------------------------------------------------------------
\26\See Letter from Elizabeth H. Corey, Attorney (May 18, 1989)
(unpublished); Letter from John M. Miller, Acting Deputy Chief
Counsel (July 26, 1977) (unpublished).
---------------------------------------------------------------------------
Other commenters suggested adding a number of specific activities
that the OCC has not yet approved as permissible for national banks. We
have not adopted these suggestions. Our experience is that decisions
about the permissibility of new electronic activities are best made in
the context of specific tests and circumstances that enable us to
consider the practical and supervisory effects of, as well as the legal
basis for, the determination. We will accordingly continue our practice
of case-by-case review, followed by codification of key precedents, as
appropriate, from time to time. As noted previously, this codification
does not serve to limit the activities that may be found to be
permissible, and we will continue to review new activities on a case-
by-case basis.
Consistent with the principle that it is the substance of an
activity--and not its electronic form--that is key to the determination
of whether it is permissible, the final rule provides that when a
national bank engages in an electronic activity based on the
transparency doctrine, the electronic activity will not be exempt from
the regulatory requirements and supervisory guidance, including those
prescribed by OCC regulations or contained in other OCC issuances, that
would apply if the activity were conducted by non-electronic means or
facilities. This new provision clarifies that national bank activities
will continue to be governed by OCC regulatory requirements and
supervisory guidance regardless of whether that activity is conducted
electronically or by traditional means.
A few commenters suggested modifications in the provision
addressing the applicability of State law that appeared at proposed
Sec. 7.5002(b), as well as at proposed Sec. 7.5001(a), both provisions
being very similar in substance and in wording. One commenter asked
that the OCC expressly preempt State laws that purport to regulate
activities conducted by electronic means. Another stated that the OCC
should require a national bank to comply only with the laws of the
jurisdiction from which its electronic products or services are
offered. A third commenter asked that we specifically clarify that
other preemption rules in Federal law also apply to the electronic
banking activities of national banks, such as the preemption rules set
forth in the Electronic Signatures in Global and National Commerce Act
(E-Sign).\27\
---------------------------------------------------------------------------
\27\Pub. L. 106-229, 114 Stat. 464 (June 30, 2000).
---------------------------------------------------------------------------
The final rule contains only one provision on the applicability of
State law, now located at Sec. 7.5002(c). This provision has been
modified to address certain of the concerns the commenters have raised
by clarifying the scope of preemption described in the rule, and to
reflect developments in the law pertaining to electronic commerce.
In general, the application of State law to activities conducted by
national banks through electronic means presents issues of preemption
that are determined under traditional principles of Federal preemption
derived from the Supremacy Clause of the United States Constitution\28\
and applicable judicial precedent. The OCC's rules--currently and as
amended by this final rule--
[[Page 34997]]
provide that a national bank may conduct by electronic means any
function or activity that it is otherwise authorized to conduct. The
resolution of any issue about the applicability of State law to an
activity that a national bank conducts electronically is, accordingly,
governed by the preemption principles that would apply to activities
conducted by traditional means.
---------------------------------------------------------------------------
\28\U.S. Const. art. VI, cl. 2.
---------------------------------------------------------------------------
However, when the activity is being conducted by electronic means,
and thus is potentially geographically boundless, a consideration
unique to the purpose and characteristics of the national bank charter
becomes an element of this preemption analysis. Through the national
bank charter, Congress established a banking system intended to be
nationwide in scope, and authorized the creation of national banks,
whose powers were intended to be uniform, as established by Federal
law, regardless of where in the nation they conducted their business.
As the Supreme Court has said:
National banks are instrumentalities of the federal government,
created for a public purpose, and as such necessarily subject to the
paramount authority of the United States. It follows that an attempt
by a state to define their duties, or control the conduct of their
affairs is absolutely void, wherever such attempted exercise of
authority expressly conflicts with the laws of the United States,
and either frustrates the purpose of the national legislation, or
impairs the efficiency of these agencies of the federal government
to discharge the duties for the performance of which they were
created.\29\
---------------------------------------------------------------------------
\29\Davis v. Elmira Savings Bank, 161 U.S. 275, 283 (1896). See
also Marquette Nat. Bank of Minneapolis v. First of Omaha Serv.
Corp., 439 U.S. 299, 314-315 (1978); First Nat. Bank of San Jose v.
California, 262 U.S. 366, 369 (1923) (``[A]ny attempt by a state to
define [national banks'] duties or control the conduct of their
affairs is void, whenever it conflicts with the laws of the United
States or frustrates the purposes of the national legislation, or
impairs the efficiency of the bank to discharge the duties for which
it was created.'').
This freedom from State control over a national bank's powers
protects national banks from conflicting local laws unrelated to the
purpose of providing the uniform, nationwide banking system that
Congress intended. And, as the Supreme Court also recognized, Congress
was concerned not just with the application of certain States' laws to
individual national banks, but also with the application of multiple
States' standards which would undermine the uniform, national character
of the powers of national banks throughout the system. This point was
made clearly by the Supreme Court in Easton v. Iowa, 188 U.S. 220
---------------------------------------------------------------------------
(1903):
That legislation [i.e., legislation creating and regulating
national banks] has in view the erection of a system extending
throughout the country, and independent, so far as the powers
conferred are concerned, of state legislation which, if permitted to
be applicable, might impose limitations and restrictions as various
and as numerous as the states. * * * [W]e are unable to perceive
that Congress intended to leave the field open for the states to
attempt to promote the welfare and stability of national banks by
direct legislation. If they had such power it would have to be
exercised and limited by their own discretion, and confusion would
necessarily result from control possessed and exercised by two
independent authorities.\30\
---------------------------------------------------------------------------
\30\Easton, 188 U.S. at 229, 231-232 (emphasis added).
Thus, in analyzing the potential for State laws to be applicable to
activities conducted by national banks via electronic means, it is also
necessary to recognize in the preemption analysis that application of a
multiplicity of State requirements in itself is an important factor in
the analysis. Particularly where an activity is conducted via
electronic means and is potentially accessible to a customer without
any necessary connection to where the customer is physically located,
application of multiple State law standards to that particular activity
conflicts with the uniformity of standards under which national banks
were designed to operate. The final rule's provision on the
applicability of State law accordingly provides that the applicability
of State law to a national bank's conduct of its authorized activities
through electronic means and facilities is governed by traditional
principles of Federal preemption derived from the Supremacy Clause, and
that, therefore, a State law would not be applicable to such activities
if the State law stands as an obstacle to the achievement of a Federal
objective, namely, the ability of national banks to exercise uniformly
their Federally authorized powers--in this case, through electronic
means or facilities.\31\
---------------------------------------------------------------------------
\31\Of course, in some instances, Federal law will specify that
national banks are to look to State law standards to determine the
extent of their power to conduct certain activities (e.g.,
establishment of intrastate branches, scope of fiduciary powers) or
the manner in which a particular power may be exercised (e.g.,
insurance).
---------------------------------------------------------------------------
The phrase ``stands as an obstacle'' was used by the Supreme Court
in Barnett Bank of Marion County v. Nelson\32\ as one of several
formulations reflecting the standard for determining whether a State
law is preempted, and we intend the use of this phrase to reflect the
full dimensions of the Court's reasoning in that case. Notably, in
Barnett, the Supreme Court cited National Bank v. Commonwealth,\33\ a
case decided very shortly after the establishment of the national
banking system. In that decision, the Court held that the State law in
question was not preempted because it did not ``interfere with, or
impair [national banks'] efficiency in performing the functions for
which they are designed * * *.''\34\ This language was echoed 26 years
later in the Court's decision in Davis v. Elmira Savings Bank, where
the Court expressly recognized that State law may not ``frustrate the
purpose'' of the ``national legislation'' creating the national banking
system or ``impair the efficiency'' with which national banks function
as the components of a uniform, nationwide banking system.\35\ Clearly,
the application of a multiplicity of State-based standards, each
potentially altering--in different ways--the extent and manner in which
a national bank may exercise any particular Federally authorized power
through electronic means, would stand as an obstacle to achievement of
the Federal objective, namely, a uniform, nationwide banking
system,\36\ and ``interfere with'' and ``impair'' the efficiency with
which national banks are able to perform activities authorized under
Federal law\37\ through electronic means and facilities. The final rule
contains revisions to appropriately reflect these considerations in
determining the applicability of State law.
---------------------------------------------------------------------------
\32\517 U.S. 25 (1996).
\33\76 U.S. (9 Wall.) 353 (1870).
\34\Id. at 362.
\35\Davis, 161 U.S. at 283, 284. In Davis, the Court held that a
New York law purporting to require the receiver of an insolvent
national bank to make preferential payment of receivership assets to
``any savings bank'' that had funds on deposit at the failed bank
was preempted by the Federal statute requiring pro rata payment of
such assets to any creditors who could prove their claims. The Court
reasoned that one of the purposes of the ``national legislation''
creating the national banking system was ``to secure . . . a just
and equal distribution of the assets of national banks among all
unsecured creditors, and to prevent such banks from creating
preferences in contemplation of insolvency. This public aim in favor
of all the citizens of every state of the Union is manifested by the
entire context of the national bank act.'' Id. at 284.
\36\Easton, 188 U.S. at 229, 231-32; Davis, 161 U.S. at 283-85.
\37\National Bank, 76 U.S. (9 Wall.) at 362; Davis, 161 U.S. at
283.
---------------------------------------------------------------------------
5. Composite Authority to Engage in Electronic Banking Activities
(Sec. 7.5003)
We noted in the preamble to proposed Sec. 7.5003 that some
electronic banking activities that appear novel may actually be merely
a collection of interrelated activities, each of which is permissible
under well-settled authority. Thus, to clarify national banks'
authority to conduct this type of composite activity, we proposed to
adopt a new Sec. 7.5003, which provides that an electronic
[[Page 34998]]
product or service comprised of several elements or activities is
authorized if each of the constituent elements or activities is
authorized.
Commenters supported this proposal because it addresses the reality
that electronic products and services rarely fit into one specific
category of authority. Thus, we are adopting this rule as proposed.
6. Excess Electronic Capacity (Sec. 7.5004)
The proposed rule in Sec. 7.5004 recognized that the OCC has long
applied the ``excess capacity'' doctrine to the technology resources of
national banks to enable them to avoid waste and deploy those resources
efficiently.\38\ While the doctrine originated to allow banks to use
excess real property efficiently, it has taken on particular
significance as banks conduct more business through developing
technologies such as Internet access, software production and
distribution, long line telecommunications and data processing
equipment, electronic security systems, and call centers.\39\
Accordingly, we proposed to relocate the excess electronic capacity
rule from current Sec. 7.1019 to new subpart E and to add specific
examples. The final rule adopts this approach, but amends the proposal
in response to comments received.
---------------------------------------------------------------------------
\38\The excess capacity doctrine holds that a bank properly
acquiring an asset to conduct its banking business is permitted,
under its incidental powers, to make full economic use of the
property if using the property solely for banking purposes would
leave the property underutilized. See OCC Conditional Approval No.
361 (Mar. 3, 2000).
\39\See OCC Interpretive Letter No. 742, reprinted in [1996-1997
Transfer Binder] Fed. Banking L. Rep. (CCH) para. 81-106 (Aug. 19,
1996); OCC Interpretive Letter No. 677, reprinted in [1994-1995
Transfer Binder] Fed. Banking L. Rep. (CCH) para. 83,625 (June 28,
1985); Letter from William Glidden (June 6, 1986) (unpublished);
Letter from Stephen Brown (Dec. 20, 1989) (unpublished); and OCC
Conditional Approval No. 361 (Mar. 3, 2000).
---------------------------------------------------------------------------
The proposed rule stated that a national bank may acquire or
develop excess capacity ``in good faith for banking purposes.'' In
applying this test, the OCC and the courts consistently have reviewed a
bank's objective business reasons for obtaining the excess capacity. To
clarify the appropriate focus of the excess capacity test, and to avoid
creating any misperception that the focus is on the subjective intent
or mental state of bank management, the final rule states that a
national bank may market and sell electronic capacities ``legitimately
acquired or developed by the bank for its banking business.'' The
``legitimate'' standard incorporates the requirement that the excess
capacity must be acquired in ``good faith'' for banking purposes.\40\
This test recognizes the broad policy of optimization of resources and
avoidance of loss or waste. To further clarify how the excess capacity
doctrine is to be applied, we have provided specific and non-exclusive
examples in the regulation to illustrate when legitimate excess
electronic capacity may be acquired.
---------------------------------------------------------------------------
\40\See OCC Interpretive Letter No. 888, reprinted in [2000-2001
Transfer Binder] Fed. Banking L. Rep. (CCH) para. 81,407 (Mar. 14,
2000). See also Brown v. Schleier, 118 F. 981 (8th Cir. 1902),
aff'd. 194 U.S. 18 (1904).
---------------------------------------------------------------------------
The final rule also adopts the proposed examples of excess capacity
in equipment or facilities of national banks that have been found to
have been acquired legitimately for banking purposes. The examples in
the final rule are not exclusive, but merely illustrate uses of excess
electronic capacity that we have approved. As our approvals to date
demonstrate, the determination that a particular acquisition of excess
electronic capacity is permissible is fact-specific. Accordingly, we
encourage banks with questions regarding appropriate uses of excess
electronic capacity to consult with the OCC.
In the preamble to the proposed rule, the OCC asked whether the
final rule should codify a doctrine closely related to excess capacity:
the so-called ``by-product doctrine.'' Under this authority, a national
bank may sell by-products, such as software, legitimately developed by
the bank for or during the performance of its permissible data
processing functions. A number of commenters urged the OCC to
explicitly codify the by-product doctrine. They noted that as part of
their electronic banking products or internal operations, national
banks often internally design and create software or other products
that may have broader application. The by-product doctrine enables
national banks to sell such products into the general market and, thus,
gain revenue to offset internal development costs.
We have determined that it would be helpful to recodify the by-
product doctrine in the final rule. Until 1984, the OCC's data
processing rule specifically recognized the by-product doctrine.\41\
Although this language was deleted from the rule in 1984,\42\ it was
not done with the intention to change the OCC's position regarding this
theory. The 1984 revision was merely a non-substantive format change in
the rule done largely to avoid potential confusion. The OCC believes
that it has now developed a considerable body of precedent on the by-
product doctrine that will help provide adequate guidance on these
issues and reduce the risk of confusion.\43\
---------------------------------------------------------------------------
\41\See 12 CFR 7.3500 (1983).
\42\See 49 FR 11157 (Mar. 26, 1984).
\43\See, e.g., OCC Interpretive Letter No. 284, reprinted in
[1983-1984 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 85,448
(Mar. 26, 1984); OCC Interpretive Letter No. 449, reprinted in
[1988-1989 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 85,673
(Aug. 23, 1988); and OCC Interpretive Letter No. 677, supra note 53.
---------------------------------------------------------------------------
7. National Bank Acting as a Digital Certification Authority
(Sec. 7.5005)
The OCC has permitted a national bank to act as a certification
authority\44\ that issues certificates verifying the identity of the
certificate holder to support digital signatures.\45\ Proposed
Sec. 7.5005 would codify this position. Comments supported this
proposal and it is adopted without significant change in paragraph (a)
of Sec. 7.5005.
---------------------------------------------------------------------------
\44\See OCC Conditional Approval No. 267, supra note 16.
\45\Digital signatures are a form of electronic authentication
that permit the recipient of an electronic message to verify the
sender's identity. In order for a digital signature system to
operate successfully, the message recipient must have assurance that
the public key used to decode a message is uniquely associated with
the sender. One method of providing that assurance is for a trusted
third-party (called a ``certification authority'') to issue a
digital certificate attesting to this association. The certification
authority generates and signs digital certificates to verify the
identity of the person transmitting a message electronically. The
mathematical function the sender uses to encode a message is called
the sender's private key. The related function that the recipient of
the message uses to decode the message is called the sender's public
key. In public key infrastructure (``PKI'') systems based on
asymmetric encryption, each private key is uniquely associated with
a particular counterparty public key. Thus, if one has assurance
that a specific private key is associated with a person and under
his or her sole control, any message that can be decoded using that
person's public key may be assumed to have been sent by that person.
---------------------------------------------------------------------------
The preamble to the proposed rule requested comments on whether the
final rule should also authorize national banks to issue digital
certificates that verify attributes beyond mere identity, i.e., the
authority or financial capacity of the certificate holder. We invited
comment on the extent to which national banks propose to engage in
these activities, how they will be structured, and whether permitting
national banks to issue certificates to verify additional attributes
beyond identity presents unique risks.
Generally, commenters strongly supported extending the
certification authority to attributes beyond identity. Commenters said
that verification of certificate holder transaction authority and
financial capacities are necessary for banks to be able to effectively
market electronic banking services. These commenters noted that
national banks have long had experience in certifying the financial
capacity of their
[[Page 34999]]
customers. For example, banks issue letters of credit or loan approval
letters to give comfort to third parties that the bank customer has the
financial capacity to consummate contemplated transactions. Banks also
manage and verify account numbers, account balances, and transactions
charged to those account numbers. Some commenters requested that the
final rule not be limited to a particular list of functions. They noted
that the methods and usefulness of certification authority services
will continue to evolve. Thus, they urged that the final rule should
enhance flexibility so that a certificate can be issued for any purpose
where the underlying verification is part of the business of banking.
They requested that the final rule list particular attributes, such as
financial capacity, as examples of this extended certification
authority activity.
However, other commenters urged the OCC to consider the risks that
may arise when the new certification activities either are combined
with or approximate in function the existing authority for independent
undertakings.\46\ The commenters were particularly concerned that any
new authority to issue extended certificates relating to financial
capacity might raise risks similar to those assumed by banks issuing
letters of credit and other independent undertakings.
---------------------------------------------------------------------------
\46\See 12 CFR 7.1016.
---------------------------------------------------------------------------
The final rule provides that national banks may issue digital
certificates to verify any attribute for which verification is part of
or incidental to the business of banking and lists several types of
financial capacity as examples of such attributes. This list is
intended to be non-exclusive. We will consider what other attributes
might be verified in an electronic certificate on a case-by-case basis
so that the potential risks can be better assessed.
We recognize that the extended authority to issue non-identity
digital certificates presents supervisory issues. We have existing
guidance on digital certificates (OCC Bulletin 99-20), and intend to
update that guidance to address issues arising under the extended
authority codified in Sec. 7.5005(b). These issues arise in part
because the party issuing the certificate is verifying an attribute--
such as financial capacity--that can and does change over time.
If a bank were to verify that funds will be available on a certain
date in its certificates, the bank would, in effect, be engaging in an
electronic independent undertaking. However, the extended certificate
authority codified in Sec. 7.5005(b) is distinct from independent
undertakings, both analytically and operationally. To facilitate this
distinction, the final rule clarifies by examples the types of
financial verifications that the OCC intends to authorize in extended
certifications. Specifically, the final rule lists examples of
permissible financial certifications that involve verification of the
following existing facts: (1) Account balance as of a particular date;
(2) lines of credit as of a particular date; (3) past performance of
customer (like a credit report); and (4) verification of customer
relationship as of a particular date. Each of these verifications
represents a statement of fact as of a particular current or previous
date with respect to the certificate subscriber. Thus, financial
certificates do not represent a promise by the certificate authority
bank to the relying party that particular funds will be available or
advanced for a particular transaction. For this reason, a financial
certification is distinguished from an independent undertaking, which
is a promise by a bank to make available funds for a particular
transaction upon presentation of specified documents. An independent
undertaking exposes the issuing bank to credit risk; a properly
formulated and limited financial certification does not.
We expect banks issuing financial capacity certificates to take
steps appropriate to address the risk that a party receiving a
financial certification (the relying party, usually a seller) would
assert that the certification is really an implied promise or
representation by the issuing bank that funds will be available or
advanced to pay for a particular transaction. We expect issuing banks
to take appropriate precautions against having their financial
certificates construed as implied promises to lend. While other risk
controls will be appropriate in particular cases,\47\ the final rule
provides that financial capacity certificates must include express
disclaimers stating that the bank does not thereby promise or represent
that funds will be available or advanced for a particular transaction.
---------------------------------------------------------------------------
\47\For example, the risk of confusion may be particularly great
in situations where the bank is issuing a financial certification on
the existence of a line of credit. Relying parties might try to
assert that this certificate constitutes an implied promise that the
verified credit line would be available to fund their specific
transaction. Thus, in connection with such certifications, the
issuing bank might not only include the disclaimer discussed above
but also make available with the digital certificate the terms of
the line of credit so that the relying parties may directly assess
its availability for their transaction.
---------------------------------------------------------------------------
If banks take necessary precautions and issue appropriately
designed financial certifications, the requirements of Sec. 7.1016
(which are designed predominantly to control credit risk) should not be
required as a risk mitigation device. However, if a purported financial
capacity certificate did guarantee or promise funds availability, the
requirements of Sec. 7.1016 should and will apply. Under the
transparency rule in Sec. 7.5002 of the final rule, electronic letters
of credit are clearly permissible. However, in contrast to the
financial certifications authorized under Sec. 7.5005 of this final
rule, electronic letters of credit are subject to Sec. 7.1016 because
they are independent undertakings.\48\
---------------------------------------------------------------------------
\48\See 12 CFR 7.5005(c).
---------------------------------------------------------------------------
Finally, the proposed rule contemplated that verification will be
provided as part of a digital certificate, i.e., the certificate itself
would contain the verified information on authority or financial
capacity. However, some commenters requested that the final rule also
enable banks to issue certificates that interoperate with the bank's
internal systems so that the certificate is associated automatically
with information in those systems related to the certificate holder. In
other words, the verified information would reside not in the
certificate, but in bank systems linked to the certificate. The benefit
of this approach is that a system-linked certificate can provide access
to information that is updated whenever the bank's systems are updated,
whereas information resident on the certificate can become rapidly
outdated. Thus, some comments urged that the final rule expressly
authorize banks to engage in electronic authentication activities
regardless of the particular technology employed.
We agree that there are significant advantages to system-linked
certificates. However, such certificates also present very different
risks than the certificate-based PKI systems for which the OCC has
issued guidance.\49\ For this reason, the final rule does not contain a
general authorization for system-linked certificates. However, we are
prepared to consider on a case-by-case basis how national banks may use
new technologies and models, beyond PKI-based digital certificates, to
provide permissible electronic verification services.
---------------------------------------------------------------------------
\49\See OCC Bulletin 99-20.
---------------------------------------------------------------------------
8. Data Processing (Sec. 7.5006)
Proposed Sec. 7.5006(a) codified OCC interpretations confirming
that a national bank may collect, process,
[[Page 35000]]
transcribe, analyze, and store banking, financial, and economic data
for itself and its customers as part of the business of banking.\50\
Commenters were generally supportive of this aspect of the proposed
rule and we are adopting it with some changes. Specifically, the final
rule provides additional guidance on the scope and range of permissible
banking, financial or economic data processing in two ways. First, the
final rule clarifies that permissible ``processing'' of eligible data
includes provision of data processing services, data transmission
services, facilities (including equipment, technology, and personnel),
databases and advice. It also includes providing access to such
services, facilities, databases and advice. Second, the rule specifies
that for purposes of this section, ``economic data'' includes anything
of value in banking and financial decisions.\51\
---------------------------------------------------------------------------
\50\See, e.g., OCC Conditional Approval No. 289 (Oct. 2, 1998);
OCC Interpretive Letter No. 805, reprinted in [1997-1998 Transfer
Binder] Fed. Banking L. Rep. (CCH) para. 81,252 (Oct. 9, 1997). A
prior OCC interpretive ruling on electronic banking specifically
stated that ``as part of the business of banking and incidental
thereto, a national bank may collect, transcribe, process, analyze
and store for itself and others, banking, financial, or related
economic data.'' 39 FR 14192, 14195 (Apr. 22, 1974). This language
was deleted from former 12 CFR 7.3500 because the OCC was concerned
that the specific examples of permissible activities in the ruling,
such as the marketing of excess time, by-products, and the
processing of ``banking, financial, or related economic data,'' had
led to confusion and misinterpretation. See 47 FR at 46526, 46529
(Oct. 19, 1982). However, the preamble to the proposal to simplify
the rule stated that ``the Office wishes to make clear that it does
not intend to indicate any change in its position regarding the
permissibility of data processing services.'' Id. Since 1982, the
risk of confusion and misinterpretation of a regulation has
significantly diminished due to, among other reasons, the
substantial number of interpretive letters the OCC has issued on
permissible data processing that can provide a context for
understanding the rule.
\51\See, e.g., Association of Data Processing Service
Organizations, Inc. v. Board of Governors, 745 F.2d 677, 691 (D.C.
Cir. 1984).
---------------------------------------------------------------------------
In addition to processing of banking, financial or economic data,
national banks, under their authority to conduct activities incidental
to the business of banking, may also provide limited amounts of non-
financial information processing to their customers to enhance
marketability or use of a banking service.\52\ In determining the
permissible scope of this incidental processing, we typically inquire
whether the processing of non-financial data is convenient or useful to
the specific processing of financial data or other business of banking
activities in a specific contract or relationship.
---------------------------------------------------------------------------
\52\See, e.g., OCC Conditional Approval No. 369 (Feb. 25, 2000).
---------------------------------------------------------------------------
Thus, in the preamble discussing proposed Sec. 7.5006, we requested
comment on whether to codify this authority to conduct incidental non-
financial data processing and specifically whether to provide that a
national bank may generally derive a certain specified percentage of
its total annual data processing revenue from processing non-financial
data. Anecdotal evidence suggested that national banks attempting to
market financial data processing services are frequently confronted
with customer demands that the bank also process some non-financial
data so that the customer can avoid the inconvenience of having to use
two different processors for financial data and for non-financial data.
Moreover, banks' competitors in the marketplace are providing these
fully integrated data processing services. Thus, we asked for comments
and evidence on the extent of this type of customer demand in order to
determine whether it is so pervasive as to warrant authorizing the
processing of non-financial data in connection with financial data
processing in lieu of our current case-by-case approach.
The comments filed in response to this request supported
codification of the authority to engage in incidental non-financial
data processing. These comments establish that such a rule is warranted
to accommodate pervasive realities of the financial data processing
marketplace. Accordingly, we have decided to adopt a more flexible
approach to non-financial data processing rather than a safe harbor
with a specific percentage (e.g., 30% or 49%). We believe that, in
light of the rapidly evolving nature of bank data processing and the
data processing markets in which banks compete, a fixed percentage
could be inappropriately rigid.
The final rule therefore provides that, in addition to its
authority to process banking, financial, and economic data, a national
bank may also process additional types of data to the extent convenient
or useful to the bank's ability to provide the banking, financial, and
economic data processing services. This approach to permissible
incidental data processing would be satisfied where providing non-
financial data processing is reasonably necessary to conduct the
financial data processing services on a competitive basis. The bank's
total revenue from providing data processing services under this
section must, however, be derived predominantly by from processing
banking, financial, or economic data. Thus, under the final rule, a
bank offering financial data processing services will also be able to
offer additional processing of incidental non-financial data if it
determines that, in the market it is attempting to serve, processing of
some non-financial data is reasonably necessary to operate on a
competitive basis and if the aggregate revenue from such incidental
non-financial processing is not the predominant source of its total
revenue from data processing services under this section.
We believe this approach, which is fully consistent with judicial
and OCC precedent,\53\ is preferable to a specific percentage-based
safe harbor because it adheres to concepts that allow a component of
the bank's data processing to include non-financial data processing and
provides more flexibility to accommodate the evolving role in data
processing in the business of banking. Banks that engage in financial
or non-financial data processing will be expected to comply with all
applicable supervisory requirements and guidance.\54\ The OCC will
develop additional guidance for examiners and bankers on data
processing activity, as needed.
---------------------------------------------------------------------------
\53\See generally Sec. 7.5001(c)(2). OCC has long held that a
national bank, under its incidental powers, may sell non-banking
products and services when reasonably necessary to provide banking
products on a competitive basis by creating a package of related
services needed to satisfy consumer demand, meet market competition,
and enable the bank to successfully market its banking services.
Thus, for example, in OCC Interpretive Letter No. 742, supra note
53, OCC found offering of Internet access service was needed to
successfully provide and market the bank's Internet banking service.
We found limiting the bank's Internet access services, to block non-
banking use, would not meet customer needs or the competing products
in the marketplace. See also OCC Interpretive Letter No. 611, supra
note 6 (bank selling home banking service can also provide customer
access to non-banking services ``to increase the customer base and
service the usage of the program''); OCC Interpretive Letter No.
653, reprinted in [1994-1995 Transfer Binder] Fed. Banking L. Rep.
(CCH) para. 83,601 (Dec. 22, 1994) (national banks may offer non-
banking products as part of larger product or service when
necessary, convenient, and useful to bank permissible activities);
cf. National Courier Ass'n v. Board of Governors, 516 F.2d 1229,
1240 (D.C. Cir. 1975) (incidental powers of holding companies
include providing specialized courier services when service is
necessary to obtain full benefit of data processing services).
Compare National Retailers Corp. v. Valley Nat'l Bank, 411 F. Supp.
308 (D. Ariz. 1976), aff'd, 604 F. 2d 32 (9th Cir. 1979). In light
of subsequent developments, however, for the reasons stated in OCC
Interpretive Letter 928 (Dec. 24, 2001) and Interpretive Letter No.
856 (Mar. 5, 1999), the OCC does not believe that courts today would
accord significant weight to the National Retailers case.
\54\See, e.g., OCC Alert No. 2001-4 (Network Security
Vulnerabilities); OCC Advisory Letter No. 2001-12 (Risk Management
of Outsourcing Technology); and OCC Bulletin No. 2000-14
(Infrastructure Threats-Intrusion Risks--Message to Bankers and
Examiners).
---------------------------------------------------------------------------
In addition to the authority to provide data processing under this
section, national banks also have other
[[Page 35001]]
authorities to process data that is non-financial. For example, banks
may process data (regardless of the type) under the excess capacity
doctrine and under their correspondent authority. These additional
authorities are codified in other sections of the new Subpart E;\55\
their rationale and concomitant limitations are independent and
distinct from the authority to process banking, financial, and economic
data and incidental non-financial data under Sec. 7.5006 of the final
rule. Thus, the revenue derived from non-financial data processing that
may occur under these other authorities and activities is not included
as non-banking, financial, or economic data processing revenue in
computing the total revenue from Sec. 7.5006 data processing services
used to determine compliance with the predominantly proviso in new
Sec. 7.5006(b).
---------------------------------------------------------------------------
\55\See, e.g., Sec. 7.5001(d), 7.5004, and 7.5007.
---------------------------------------------------------------------------
9. Correspondent Services (Sec. 7.5007)\56\
---------------------------------------------------------------------------
\56\We have modified the title of this section from
``correspondent banking'' to ``correspondent services'' to more
accurately reflect the activity authorized by this section.
---------------------------------------------------------------------------
The proposed rule codified the OCC's longstanding interpretation
that national banks may perform for other entities an array of
activities called ``correspondent services'' as part of the business of
banking.\57\ These activities include any corporate or banking service
that a national bank may perform for itself.\58\ A national bank may
perform these activities for any of its affiliates or for other
financial institutions.\59\
---------------------------------------------------------------------------
\57\See, e.g., OCC Interpretive Letter No. 875, supra note 6;
OCC Interpretive Letter No. 811, reprinted in [1997-1998 Transfer
Binder] Fed. Banking L. Rep. (CCH) para. 81-259 (Dec. 18, 1997); OCC
Corporate Decision No. 97-79 (July 11, 1997).
\58\See OCC Interpretive Letter No. 467, reprinted in [1988-1989
Transfer Binder] Fed. Banking L. Rep. (CCH) para. 85,691 (Jan. 24,
1989) (national bank may offer wide range of correspondent
services); Letter from Wallace S. Nathan, Regional Counsel (Dec. 3,
1982) (unpublished) (microfiche services); Letter from John E.
Shockey, Chief Counsel (July 31, 1978) (unpublished) (advertising
services).
\59\See, e.g., OCC Interpretive Letter No. 875, supra note 6;
OCC Interpretive Letter No. 513, reprinted in [1990-1991 Transfer
Binder] Fed. Banking L. Rep. para. 83,215 (June 18, 1990).
---------------------------------------------------------------------------
This proposal also codified a number of OCC interpretations that
approve certain electronic- and technology-related activities as
permissible correspondent services for national banks and included
these activities in the text of the regulation as examples of
electronic activities that banks may offer as correspondent services.
These examples included: (1) Providing computer networking packages and
related hardware that meet the banking needs of financial institution
customers;\60\ (2) processing bank, accounting, and financial data,
such as check data, other bookkeeping tasks, and general assistance of
correspondents' internal operating, bookkeeping, and data
processing;\61\ (3) selling data processing software;\62\ (4)
developing, operating, managing, and marketing products and processing
services for transactions conducted at electronic terminal devices
including, but not limited to, ATMs, POS terminals, scrip terminals,
and similar devices;\63\ (5) item processing services and related
software development;\64\ (6) document control and record keeping
through the use of electronic imaging technology;\65\ (7) Internet
merchant hosting services for resale to merchant customers;\66\ and (8)
communication support services through electronic means, such as: (i)
The provision of electronic ``gateways'' in order to communicate and
receive financial information and to conduct transactions; (ii)
creating, leasing, and licensing communications systems, computers,
analytic software, and related equipment and services for sharing
information concerning financial instruments and economic information
and news; and (iii) the provision of electronic information and
transaction services and linkage for financial settlement services.\67\
---------------------------------------------------------------------------
\60\See OCC Interpretive Letter No. 754, supra note 20.
\61\ See, e.g., Letter from Vernon E. Fasbender, Director for
Analysis, Southeastern District (Dec. 6, 1990); OCC Interpretive
Letter No. 345, reprinted in [1985-1987 Transfer Binder] Fed.
Banking L. Rep. (CCH) para. 85,515 (July 9, 1985); Letter from Joe
H. Selby, Deputy Comptroller (Nov. 22, 1978).
\62\See, e.g., OCC Interpretive Letter No. 868, reprinted in
[Current Transfer Binder] Fed. Banking L. Rep. (CCH) para. 81-362
(Aug. 16, 1999).
\63\See, e.g., OCC Interpretive Letter No. 890, reprinted in
[1999-2000 Transfer Binder] Fed. Banking L. Rep. (CCH) para. 81-409
(May 15, 2000).
\64\See, e.g., Letter from Vernon E. Fasbender, Director for
Analysis, Southeastern District (Dec. 6, 1990); and Letter from J.T.
Watson, Deputy Comptroller of the Currency (Mar. 22, 1973).
\65\See OCC Interpretive Letter No. 805, supra note 64.
\66\See Corporate Decision No. 2000-08 (June 1, 2000); and OCC
Interpretive Letter No. 875, supra note 6.
\67\See OCC Interpretive Letter No. 611, supra note 6; OCC
Interpretive Letter No. 516, supra note 6; and OCC Interpretive
Letter No. 346, reprinted in [1985-1987 Transfer Binder] Fed.
Banking L. Rep. (CCH) para. 85,516 (July 31, 1985).
---------------------------------------------------------------------------
Two commenters requested that the OCC add digital certification
authority services to these examples of permissible correspondent
activities. We agree that it is appropriate to add this activity to
Sec. 7.5007 because we have previously approved it in interpretive
letters.\68\ Accordingly, the final rule includes this activity as an
additional example.
---------------------------------------------------------------------------
\68\See OCC Conditional Approval No. 339 (Nov. 6, 1999).
---------------------------------------------------------------------------
Two other commenters expressed concern that, as proposed,
Sec. 7.5007 may give the impression that the OCC considers the list of
permissible correspondent activities in the regulation to be
exhaustive. As indicated above, this list is a codification of existing
OCC interpretations and is not intended to be restrictive. To clarify
this point, we have amended Sec. 7.5002 to specifically provide that
these examples are only illustrative. We will continue to consider, on
a case-by-case basis, the authorization of new electronic- and
technology-related activities as correspondent services offered by
national banks that may not be included in the examples provided in the
regulation.
B. Location
1. Location of a National Bank Conducting Electronic Activities
(Sec. 7.5008)
As the OCC noted in the preamble to the proposed rule, the effect
of several statutes affecting national banks turns in part on where the
bank in question is ``located.'' In addition, the scope of this term
(or closely related statutory terms, such as ``situated'')--whether it
refers only to the bank's main office, includes branches as well, or
means something different--varies from statute to statute.\69\
Moreover, national banks often conduct a significant portion of their
operations in locations that are distinct from their main office and
branches.
---------------------------------------------------------------------------
\69\See, e.g., 12 U.S.C. 24 (Eighth) (charitable contributions);
12 U.S.C. 29 (authority to hold real estate); 12 U.S.C. 36
(branching); 12 U.S.C. 72 (director qualifications); 12 U.S.C. 92
(authority to act as insurance agent or broker); 12 U.S.C. 92a
(trust powers); 12 U.S.C. 94 (venue); 12 U.S.C. 215 and 215a (bank
consolidations and mergers); and 12 U.S.C. 548 (State taxation).
---------------------------------------------------------------------------
To remove any ambiguity on the scope of this term, the proposed
rule provided that a national bank will not be considered located in a
State solely because it physically maintains equipment or facilities
that are necessary for the use of electronic technologies, such as a
server or automated loan center, in that State, or because the bank's
products or services are accessed through electronic means by customers
located in the State. This interpretation of ``located'' is consistent
with evolving case authority.\70\ Thus, for example, these factors
would not result in a bank being considered to be
[[Page 35002]]
``located'' in a particular State for purposes of 12 U.S.C. 85.
---------------------------------------------------------------------------
\70\See, e.g., Amberson Holdings LLC v. Westside Story
Newspaper, 110 F. Supp. 2d 332 (D.N.J. 2000).
---------------------------------------------------------------------------
Most of those who commented on this issue supported our proposal.
One commenter asked that we amend this provision to state specifically
that a product or service provided through electronic means shall be
deemed to be offered and delivered from a single location. This
suggestion raises broader issues that require additional analysis,
which at this time we believe is best undertaken on a case-by-case
basis rather than through this rulemaking.
Another commenter requested that we delete the word ``solely'' from
the proposed provision in order to eliminate any inference that the
location of a bank's technological equipment or customers may ever be
considered in the determination of a bank's ``location.'' It is not our
intent to remove these factors altogether from the determination of
where a bank is located since the equipment may be connected to other
relevant activities of the bank. Instead, the purpose of this provision
is simply to make clear that these factors alone will not determine the
bank's location in a State.
Accordingly, the OCC has adopted Sec. 7.5008 as proposed.
2. Location Under 12 U.S.C. 85 of National Banks Operating Exclusively
Through the Internet (Sec. 7.5009)
Twelve U.S.C. 85 authorizes a national bank to charge interest in
accordance with the laws of the State in which it is located. In
interpreting section 85, the Supreme Court has held that a national
bank is ``located'' in the State where it has its main office (its home
State).\71\ Thus, a national bank may charge the interest rates
permitted by its home State no matter where the borrower resides or
what contacts with the bank occur in another State.
---------------------------------------------------------------------------
\71\See Marquette Nat. Bank v. First of Omaha Serv. Corp., 439
U.S. 299 (1978). The OCC also has determined that for purposes of
section 85, under certain circumstances, an interstate national bank
may be considered to be ``located'' in a state where it has a
branch. In this situation, the bank may be required to impose
interest rates in accordance with the law of the branch state. See
OCC Interpretive Letter No. 822 (Feb. 17, 1998). A national bank
that operates exclusively through the Internet and thus has no
branches would not be affected by this interpretive letter.
---------------------------------------------------------------------------
The OCC has chartered several national banks without physical
branches that make loans or extend credit exclusively through the
Internet. The proposal provided that, for purposes of 12 U.S.C. 85, the
main office of a national bank that operates exclusively through the
Internet is the office identified by the bank under 12 U.S.C. 22
(Second) or as relocated pursuant to 12 U.S.C. 30 or other appropriate
authority.
Many commenters supported this section as proposed. We therefore
are adopting this section in the final rule, with one minor technical
change. Because the OCC does not always use the term ``Internet-only''
in its guidance and interpretations, we have removed that term from the
title of Sec. 7.5009.
C. Safety and Soundness
Shared Electronic Space (Sec. 7.5010)
In light of the increased ability of national banks to enter into
joint marketing relationships with third-parties through the Internet,
we proposed to extend the same general principles as set forth in 12
CFR 7.3001\72\ on shared physical space to situations where banks share
co-branded web sites or other electronic space with subsidiaries,
affiliates, or other third-parties. The proposed rule was in part based
upon our recent guidance on weblinking arrangements,\73\ and was
designed to reduce risk of customer confusion. To that end, the
proposed rule would have required national banks to take reasonable
steps to enable customers to distinguish between products and services
offered by the bank and those offered by the third-party. The bank also
would have been required to disclose its limited role with respect to
the third-party product or service and to call attention to the fact
that the bank does not provide, endorse, or guarantee any of the
products or services available from the third-party.
---------------------------------------------------------------------------
\72\Under 12 CFR 7.3001, a national bank may lease space on bank
premises to other businesses and share space jointly with other
businesses subject to certain conditions. The conditions set forth
in Sec. 7.3001(c) are intended to minimize customer confusion about
the nature of the products offered and promote the safe and sound
operation of the bank.
\73\See OCC Bulletin 2001-31 (``OCC Weblinking Bulletin'').
---------------------------------------------------------------------------
However, many commenters expressed concern that the proposed rule
was excessively prescriptive and would unduly limit industry
flexibility in responding to the risks of customer confusion regarding
shared electronic space. These commenters suggested that a prescriptive
rule was unnecessary at this time in light of the OCC Weblinking
Bulletin and that the OCC should delay action on a rule until the
agency has had more opportunity to evaluate the effectiveness and
impact of the Bulletin.
We have decided to adopt a shared electronic space rule, but with
significant changes to the proposed rule that are responsive to
comments received. In our view, a general rule on shared electronic
space is needed to address broader forms of shared electronic space
that are becoming increasingly prevalent, but are not covered by the
OCC Weblinking Bulletin. These forms include shared web sites and bank
web pages that are embedded in third-party sites. The final rule on
electronic shared space will provide guidance to the industry, promote
greater awareness of relevant issues, and facilitate examiner efforts
to supervise this activity.
However, we have decided not to promulgate at the present time the
more specific portions of the proposed rule that would have required a
national bank with shared electronic space to make specific disclosures
of its limited role with respect to third-party products and to advise
that the bank does not provide, endorse, or guarantee any of the
products or services available through the shared electronic space. In
light of concerns expressed by many commenters, we believe that it
would be appropriate to gain more experience in this area before
codifying detailed requirements.
The final rule requires that national banks sharing electronic
space with a third-party must take reasonable steps to clearly,
conspicuously, and understandably distinguish between products and
services offered by the bank and those offered by the third-party. In
determining whether a bank has taken reasonable steps to distinguish
third-party products and services available through shared electronic
space, we will consider a number of factors. Among other things, we
will look at web page formatting (including visual cues to the
consumer), text-based or audio narrative, and compliance with other
product-specific regulatory disclosure requirements. Additionally, what
constitutes ``reasonable steps'' will depend upon the specific product
and context; some products and contexts may require more information to
be disclosed than others. Finally, the OCC Weblinking Bulletin will
provide helpful guidance regarding both linking arrangements and other
non-linking forms of shared electronic space.
A number of holding company commenters were concerned about how the
proposed rule would apply to holding company web sites that share a
common name with the bank and have web pages for a subsidiary national
bank embedded in the holding company site. These commenters suggested
that the final rule should not cover situations where a subsidiary bank
shares its holding company's web site. However, we have consistently
applied Sec. 7.3001 to
[[Page 35003]]
physical space shared with affiliates. Moreover, in the physical non-
electronic context, we have found that serious customer confusion
potentially can arise when national banks sell holding company products
and obligations, including commercial paper, on bank premises.
Likewise, we are concerned that, if banks do not provide adequate
disclosures in electronic space shared with affiliates, bank customers
will become confused over the bank's responsibility for an affiliate's
products and obligations sold through that shared space. For this
reason, we have decided not to exclude affiliates from coverage by the
final rule. However, the elimination of the more specific provisions of
the proposed rule should largely ameliorate the concerns of the
commenting holding companies.
Regulatory Flexibility Act
Pursuant to section 605(b) of the Regulatory Flexibility Act (RFA),
5 U.S.C. 605(b), the regulatory flexibility analysis described in
section 603 of the RFA, 5 U.S.C. 603, is not required if the head of
the agency certifies that the rule will not have a significant economic
impact on a substantial number of small entities and the agency
publishes such a certification and a statement explaining the factual
basis for such certification in the Federal Register along with its
final rule.
On the basis of the information currently available, the
Comptroller of the Currency certifies that this final rule will not
have a significant impact on a substantial number of small entities
within the meaning of those terms as used in the RFA. The final
regulation requires a national bank that shares a co-branded website or
other electronic space with a bank subsidiary or a third-party to make
certain disclosures designed to enable its customers to distinguish its
products and services from those of the subsidiary or third-party. We
believe it will be relatively inexpensive for a bank, either internally
or through a servicer, to create and display the disclosures required
by this regulation. Updating a website is a fixed cost for a bank, and
is a practice that is done periodically. In addition, national banks
are currently required to provide similar disclosures for leased space
on bank premises and when sharing space jointly with other businesses.
Therefore, the OCC does not believe that this requirement will have a
significant impact on a substantial number of small entities.
Accordingly, a regulatory flexibility analysis is not required.
Unfunded Mandates Reform Act of 1995
Section 202 of the Unfunded Mandates Reform Act of 1995, Pub. L.
104-4 (Unfunded Mandates Act) requires that an agency prepare a
budgetary impact statement before promulgating a rule that includes a
Federal mandate that may result in expenditure by State, local, and
tribal governments, in the aggregate, or by the private sector, of $100
million or more in any one year. If a budgetary impact statement is
required, section 205 of the Unfunded Mandates Act also requires an
agency to identify and consider a reasonable number of regulatory
alternatives before promulgating a rule.
The OCC has determined that the final rule will not result in
expenditures by State, local, or tribal governments or by the private
sector of $100 million or more. Accordingly, the OCC has not prepared a
budgetary impact statement or specifically addressed the regulatory
alternatives considered.
Executive Order 12866
The Comptroller of the Currency has determined that this rule does
not constitute a ``significant regulatory action'' for the purposes of
Executive Order 12866. Under the most conservative cost scenarios that
the OCC can develop on the basis of available information, the annual
effect on the economy of the final rule falls well short of the $100
million threshold established by the Executive Order.
Paperwork Reduction Act of 1995
The OCC may not conduct or sponsor, and a respondent is not
required to respond to, an information collection unless it displays a
currently valid Office of Management and Budget (OMB) control number.
In accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3501
et seq.), the information collection requirements contained in this
rulemaking have been approved under OMB control number 1557-0225. The
OCC sought comment on all aspects of the burden estimates for the
information collection contained in the proposed rule (66 FR 34855,
July 2, 2002). The OCC received no comments.
The information collection requirements are contained in
Sec. 7.5010. This section requires a national bank that shares a co-
branded website or other electronic space with a bank subsidiary or a
third-party to make certain disclosures designed to enable its
customers to distinguish its products and services from those of the
subsidiary or third-party.
Estimated number of respondents: 1,609.
Estimated number of responses: 1,609.
Estimated burden hours per response: 1 hour.
Estimated total burden hours: 1,609 hours.
The OCC has a continuing interest in the public's opinion regarding
collections of information. Members of the public may submit comments
to Jessie Dunaway, OCC Clearance Officer, 250 E Street, SW, Attention:
1557-0225, Mailstop 8-4, Washington, DC 20219. Due to the temporary
delay in mail delivery, you may prefer to send your comments by
electronic mail to [email protected], or by fax to (202)
874-4889.
Effective Date
The Riegle Community Development and Regulatory Improvement Act of
1994 requires that any new regulation that imposes ``additional
reporting, disclosure, or other requirements on insured depository
institutions shall take effect on the first day of a calendar quarter
which begins on or after the date on which the regulations are
published in final form,'' less certain exceptions apply.\74\ This
rulemaking contains one section that imposes additional disclosure
requirements on national banks. Section 7.5010 requires national banks
that share electronic space, including a co-branded web site, with a
bank subsidiary, affiliate, or another third-party to take reasonable
steps to clearly, conspicuously, and understandably distinguish between
products and services offered by the bank and those offered by the
bank's subsidiary, affiliate, or the third-party. Accordingly, the
requirement to delay the effective date until the first day of the next
calendar quarter applies to Sec. 7.5010. The remaining sections of this
final rule do not impose additional reporting, disclosure, or other
requirements on insured depository institutions and therefore will
become effective 30 days after publication, in accordance with 5 U.S.C.
553(d).
---------------------------------------------------------------------------
\74\Pub. L. 103-325, section 302(b) (Sept. 23, 1994).
---------------------------------------------------------------------------
List of Subjects in 12 CFR Part 7
Credit, Insurance, Investments, National banks, Reporting and
recordkeeping requirements, Securities, Surety bonds.
Authority and Issuance
For reasons set forth in the preamble, the OCC amends part 7 of
chapter I of
[[Page 35004]]
title 12 of the Code of Federal Regulations as follows:
PART 7--BANK ACTIVITIES AND OPERATIONS
1. The authority citation for part 7 continues to read as follows:
Authority: 12 U.S.C. 1 et seq., 92, 92a, 93, 93a, 481, 484,
1818.
2. Section 7.1002 is revised to read as follows:
Sec. 7.1002 National bank acting as finder.
(a) General. It is part of the business of banking under 12 U.S.C.
24(Seventh) for a national bank to act as a finder, bringing together
interested parties to a transaction.
(b) Permissible finder activities. A national bank that acts as a
finder may identify potential parties, make inquiries as to interest,
introduce or arrange contacts or meetings of interested parties, act as
an intermediary between interested parties, and otherwise bring parties
together for a transaction that the parties themselves negotiate and
consummate. The following list provides examples of permissible finder
activities. This list is illustrative and not exclusive; the OCC may
determine that other activities are permissible pursuant to a national
bank's authority to act as a finder.
(1) Communicating information about providers of products and
services, and proposed offering prices and terms to potential markets
for these products and services;
(2) Communicating to the seller an offer to purchase or a request
for information, including forwarding completed applications,
application fees, and requests for information to third-party
providers;
(3) Arranging for third-party providers to offer reduced rates to
those customers referred by the bank;
(4) Providing administrative, clerical, and record keeping
functions related to the bank's finder activity, including retaining
copies of documents, instructing and assisting individuals in the
completion of documents, scheduling sales calls on behalf of sellers,
and conducting market research to identify potential new customers for
retailers;
(5) Conveying between interested parties expressions of interest,
bids, offers, orders, and confirmations relating to a transaction;
(6) Conveying other types of information between potential buyers,
sellers, and other interested parties; and
(7) Establishing rules of general applicability governing the use
and operation of the finder service, including rules that:
(i) Govern the submission of bids and offers by buyers, sellers,
and other interested parties that use the finder service and the
circumstances under which the finder service will pair bids and offers
submitted by buyers, sellers, and other interested parties; and
(ii) Govern the manner in which buyers, sellers, and other
interested parties may bind themselves to the terms of a specific
transaction.
(c) Limitation. The authority to act as a finder does not enable a
national bank to engage in brokerage activities that have not been
found to be permissible for national banks.
(d) Advertisement and fee. Unless otherwise prohibited by Federal
law, a national bank may advertise the availability of, and accept a
fee for, the services provided pursuant to this section.
3. Section 7.1019 is removed.
4. New subpart E is added to read as follows:
Subpart E--Electronic Activities
Sec.
7.5000 Scope.
7.5001 Electronic activities that are part of, or incidental to,
the business of banking.
7.5002 Furnishing of products and services by electronic means and
facilities.
7.5003 Composite authority to engage in electronic activities.
7.5004 Sale of excess electronic capacity and by-products.
7.5005 National bank acting as digital certification authority.
7.5006 Data processing.
7.5007 Correspondent services.
7.5008 Location of national bank conducting electronic activities.
7.5009 Location under 12 U.S.C. 85 of national banks operating
exclusively through the Internet.
7.5010 Shared electronic space.
Subpart E--Electronic Activities
Sec. 7.5000 Scope.
This subpart applies to a national bank's use of technology to
deliver services and products consistent with safety and soundness.
Sec. 7.5001 Electronic activities that are part of, or incidental to,
the business of banking.
(a) Purpose. This section identifies the criteria that the OCC uses
to determine whether an electronic activity is authorized as part of,
or incidental to, the business of banking under 12 U.S.C. 24 (Seventh)
or other statutory authority.
(b) Restrictions and conditions on electronic activities. The OCC
may determine that activities are permissible under 12 U.S.C. 24
(Seventh) or other statutory authority only if they are subject to
standards or conditions designed to provide that the activities
function as intended and are conducted safely and soundly, in
accordance with other applicable statutes, regulations, or supervisory
policies.
(c) Activities that are part of the business of banking. (1) An
activity is authorized for national banks as part of the business of
banking if the activity is described in 12 U.S.C. 24 (Seventh) or other
statutory authority. In determining whether an electronic activity is
part of the business of banking, the OCC considers the following
factors:
(i) Whether the activity is the functional equivalent to, or a
logical outgrowth of, a recognized banking activity;
(ii) Whether the activity strengthens the bank by benefiting its
customers or its business;
(iii) Whether the activity involves risks similar in nature to
those already assumed by banks; and
(iv) Whether the activity is authorized for state-chartered banks.
(2) The weight accorded each factor set out in paragraph (c)(1) of
this section depends on the facts and circumstances of each case.
(d) Activities that are incidental to the business of banking. (1)
An electronic banking activity is authorized for a national bank as
incidental to the business of banking if it is convenient or useful to
an activity that is specifically authorized for national banks or to an
activity that is otherwise part of the business of banking. In
determining whether an activity is convenient or useful to such
activities, the OCC considers the following factors:
(i) Whether the activity facilitates the production or delivery of
a bank's products or services, enhances the bank's ability to sell or
market its products or services, or improves the effectiveness or
efficiency of the bank's operations, in light of risks presented,
innovations, strategies, techniques and new technologies for producing
and delivering financial products and services; and
(ii) Whether the activity enables the bank to use capacity acquired
for its banking operations or otherwise avoid economic loss or waste.
(2) The weight accorded each factor set out in paragraph (d)(1) of
this section depends on the facts and circumstances of each case.
Sec. 7.5002 Furnishing of products and services by electronic means
and facilities.
(a) Use of electronic means and facilities. A national bank may
perform, provide, or deliver through electronic
[[Page 35005]]
means and facilities any activity, function, product, or service that
it is otherwise authorized to perform, provide, or deliver, subject to
Sec. 7.5001(b) and applicable OCC guidance. The following list provides
examples of permissible activities under this authority. This list is
illustrative and not exclusive; the OCC may determine that other
activities are permissible pursuant to this authority.
(1) Acting as an electronic finder by:
(i) Establishing, registering, and hosting commercially enabled web
sites in the name of sellers;
(ii) Establishing hyperlinks between the bank's site and a third-
party site, including acting as a ``virtual mall'' by providing a
collection of links to web sites of third-party vendors, organized by-
product type and made available to bank customers;
(iii) Hosting an electronic marketplace on the bank's Internet web
site by providing links to the web sites of third-party buyers or
sellers through the use of hypertext or other similar means;
(iv) Hosting on the bank's servers the Internet web site of:
(A) A buyer or seller that provides information concerning the
hosted party and the products or services offered or sought and allows
the submission of interest, bids, offers, orders and confirmations
relating to such products or services; or
(B) A governmental entity that provides information concerning the
services or benefits made available by the governmental entity, assists
persons in completing applications to receive such services or benefits
and permits persons to transmit their applications for such services or
benefits;
(v) Operating an Internet web site that permits numerous buyers and
sellers to exchange information concerning the products and services
that they are willing to purchase or sell, locate potential counter-
parties for transactions, aggregate orders for goods or services with
those made by other parties, and enter into transactions between
themselves;
(vi) Operating a telephone call center that provides permissible
finder services; and
(vii) Providing electronic communications services relating to all
aspects of transactions between buyers and sellers;
(2) Providing electronic bill presentment services;
(3) Offering electronic stored value systems; and
(4) Safekeeping for personal information or valuable confidential
trade or business information, such as encryption keys.
(b) Applicability of guidance and requirements not affected. When a
national bank performs, provides, or delivers through electronic means
and facilities an activity, function, product, or service that it is
otherwise authorized to perform, provide, or deliver, the electronic
activity is not exempt from the regulatory requirements and supervisory
guidance that the OCC would apply if the activity were conducted by
non-electronic means or facilities.
(c) State laws. As a general rule, and except as provided by
Federal law, State law is not applicable to a national bank's conduct
of an authorized activity through electronic means or facilities if the
State law, as applied to the activity, would be preempted pursuant to
traditional principles of Federal preemption derived from the Supremacy
Clause of the U.S. Constitution and applicable judicial precedent.
Accordingly, State laws that stand as an obstacle to the ability of
national banks to exercise uniformly their Federally authorized powers
through electronic means or facilities, are not applicable to national
banks.
Sec. 7.5003 Composite authority to engage in electronic activities.
Unless otherwise prohibited by Federal law, a national bank may
engage in an electronic activity that is comprised of several component
activities if each of the component activities is itself part of or
incidental to the business of banking or is otherwise permissible under
Federal law.
Sec. 7.5004 Sale of excess electronic capacity and by-products.
(a) A national bank may, in order to optimize the use of the bank's
resources or avoid economic loss or waste, market and sell to third
parties electronic capacities legitimately acquired or developed by the
bank for its banking business.
(b) With respect to acquired equipment or facilities, legitimate
excess electronic capacity that may be sold to others can arise in a
variety of situations, including the following:
(1) Due to the characteristics of the desired equipment or
facilities available in the market, the capacity of the most practical
optimal equipment or facilities available to meet the bank's
requirements exceeds its present needs;
(2) The acquisition and retention of additional capacity, beyond
present needs, reasonably may be necessary for planned future expansion
or to meet the expected future banking needs during the useful life of
the equipment;
(3) Requirements for capacity fluctuate because a bank engages in
batch processing of banking transactions or because a bank must have
capacity to meet peak period demand with the result that the bank has
periods when its capacity is underutilized; and
(4) After the initial acquisition of capacity thought to be fully
needed for banking operations, the bank experiences either a decline in
level of the banking operations or an increase in the efficiency of the
banking operations using that capacity.
(c) Types of electronic capacity in equipment or facilities that
banks may have legitimately acquired and that may be sold to third
parties if excess to the bank's needs for banking purposes include:
(1) Data processing services;
(2) Production and distribution of non-financial software;
(3) Providing periodic back-up call answering services;
(4) Providing full Internet access;
(5) Providing electronic security system support services;
(6) Providing long line communications services; and
(7) Electronic imaging and storage.
(d) A national bank may sell to third parties electronic by-
products legitimately acquired or developed by the bank for its banking
business. Examples of electronic by-products that banks may have
legitimately acquired that may be sold to third parties if excess to
the bank's needs include:
(1) Software acquired (not merely licensed) or developed by the
bank for banking purposes or to support its banking business; and
(2) Electronic databases, records, or media (such as electronic
images) developed by the bank for or during the performance of its
permissible data processing activities.
Sec. 7.5005 National bank acting as digital certification authority.
(a) It is part of the business of banking under 12 U.S.C.
24(Seventh) for a national bank to act as a certificate authority and
to issue digital certificates verifying the identity of persons
associated with a particular public/private key pair. As part of this
service, the bank may also maintain a listing or repository of public
keys.
(b) A national bank may issue digital certificates verifying
attributes in addition to identity of persons associated with a
particular public/private key pair where the attribute is one for which
verification is part of or incidental to the business of banking. For
example, national banks may issue digital certificates verifying
certain
[[Page 35006]]
financial attributes of a customer as of the current or a previous
date, such as account balance as of a particular date, lines of credit
as of a particular date, past financial performance of the customer,
and verification of customer relationship with the bank as of a
particular date.
(c) When a national bank issues a digital certificate relating to
financial capacity under this section, the bank shall include in that
certificate an express disclaimer stating that the bank does not
thereby promise or represent that funds will be available or will be
advanced for any particular transaction.
Sec. 7.5006 Data processing.
(a) Eligible activities. It is part of the business of banking
under 12 U.S.C. 24(Seventh) for a national bank to provide data
processing, and data transmission services, facilities (including
equipment, technology, and personnel), data bases, advice and access to
such services, facilities, data bases and advice, for itself and for
others, where the data is banking, financial, or economic data, and
other types of data if the derivative or resultant product is banking,
financial, or economic data. For this purpose, economic data includes
anything of value in banking and financial decisions.
(b) Other data. A national bank also may perform the activities
described in paragraph (a) of this section for itself and others with
respect to additional types of data to the extent convenient or useful
to provide the data processing services described in paragraph (a),
including where reasonably necessary to conduct those activities on a
competitive basis. The total revenue attributable to the bank's data
processing activities under this section must be derived predominantly
from processing the activities described in paragraph (a) of this
section.
Sec. 7.5007 Correspondent services.
It is part of the business of banking for a national bank to offer
as a correspondent service to any of its affiliates or to other
financial institutions any service it may perform for itself. The
following list provides examples of electronic activities that banks
may offer correspondents under this authority. This list is
illustrative and not exclusive; the OCC may determine that other
activities are permissible pursuant to this authority.
(a) The provision of computer networking packages and related
hardware;
(b) Data processing services;
(c) The sale of software that performs data processing functions;
(d) The development, operation, management, and marketing of
products and processing services for transactions conducted at
electronic terminal devices;
(e) Item processing services and related software;
(f) Document control and record keeping through the use of
electronic imaging technology;
(g) The provision of Internet merchant hosting services for resale
to merchant customers; (h) The provision of communication support
services through electronic means; and
(i) Digital certification authority services.
Sec. 7.5008 Location of a national bank conducting electronic
activities.
A national bank shall not be considered located in a State solely
because it physically maintains technology, such as a server or
automated loan center, in that state, or because the bank's products or
services are accessed through electronic means by customers located in
the state.
Sec. 7.5009 Location under 12 U.S.C. 85 of national banks operating
exclusively through the Internet.
For purposes of 12 U.S.C. 85, the main office of a national bank
that operates exclusively through the Internet is the office identified
by the bank under 12 U.S.C. 22(Second) or as relocated under 12 U.S.C.
30 or other appropriate authority.
Sec. 7.5010 Shared electronic space.
National banks that share electronic space, including a co-branded
web site, with a bank subsidiary, affiliate, or another third-party
must take reasonable steps to clearly, conspicuously, and
understandably distinguish between products and services offered by the
bank and those offered by the bank's subsidiary, affiliate, or the
third-party.
Dated: May 8, 2002.
John D. Hawke, Jr.,
Comptroller of the Currency.
[FR Doc. 02-12333 Filed 5-16-02; 8:45 am]
BILLING CODE 4810-33-P