Skip Header
U.S. flag

An official website of the United States government

Supervisory Insights

Overview of Selected Regulations and Supervisory Guidance

Last Updated: July 26, 2023

PDF version of this article

This section provides an overview of recently released regulations and supervisory guidance, arranged in reverse chronological order. Press Release (PR) or Financial Institution Letter (FIL) designations are included so the reader may obtain more information.

Subject Summary
New Anti-Money-Laundering Guidance on Customer Identification Programs (FIL-34-2005, April 28, 2005) The Federal banking, thrift and credit union regulatory agencies, the Financial Crimes Enforcement Network, and the Department of Treasury jointly issued additional interpretive guidance, in the form of Frequently Asked Questions, on the application of the "Customer Identification Programs for Banks, Savings Associations, and Credit Unions" regulation.
Guidance and Advisory on Banking Services for Money Services Businesses Operating in the United States (FIL-32-2005 and PR-36-2005, April 26, 2005) The Federal banking, thrift, and credit union regulatory agencies and the Financial Crimes Enforcement Network (FinCEN) issued interpretive guidance designed to clarify the requirements for, and assist banking organizations in, appropriately assessing and minimizing risks posed by providing banking services to money services businesses. FinCEN also issued a concurrent advisory to money services businesses to emphasize their Bank Secrecy Act regulatory obligations and to notify them of the types of information they will be expected to provide to a banking organization in the course of opening or maintaining account relationships.
Final Technical Amendments to Community Reinvestment Act Regulations (FIL-29-2005, April 20, 2005) The Federal banking and thrift regulatory agencies adopted the joint interim rule making technical changes to the Community Reinvestment Act (CRA) regulations published for comment in the Federal Register on July 8, 2004. The joint final rule took effect March 28, 2005, and conforms the CRA regulations to recent changes in the Standards for Defining Metropolitan and Micropolitan Statistical Areas published by the U.S. Office of Management and Budget, census tracts designated by the U.S. Census Bureau, and the Federal Reserve Board's Regulation C, which implements the Home Mortgage Disclosure Act.
Guidance on the Use of Internal Risk Ratings for Assigning Risk-Based Capital on Exposures to Asset-Backed Commercial Paper (ABCP) Programs (FIL-26-2005, March 31, 2005) The guidance, issued by the Federal banking and thrift regulatory agencies, generally applies to large banks extending credit enhancements to ABCP programs, explains the qualifying criteria for using an internal risk-rating system for assigning risk-based capital on exposures to ABCP programs, and supplements the "Securitization Capital Rule" (referenced in FIL-99-2001). The guidance provides implementing standards to be used in evaluating whether the bank's internal risk-rating system for ABCP exposures reasonably corresponds to the methodologies used by the ratings agencies in assigning external credit ratings and provides a framework for supervisors to determine the appropriate risk-based capital treatment for unrated direct credit substitutes provided to ABCP programs, using a "weakest link" method.
Answers to Frequently Asked Questions About New HMDA Data (PR-30-2005, March 31, 2005) The Federal banking, thrift, and credit union regulatory agencies, along with the Department of Housing and Urban Development, released a set of "Answers to Frequently Asked Questions" that addresses the new home loan pricing data disclosed for the first time under the Home Mortgage Disclosure Act (HMDA). The new loan pricing data are intended to advance enforcement of consumer protection and antidiscrimination laws and improve mortgage market efficiency.
Proposed Revision to the Classification System for Commercial Credit Exposures (FIL-22-2005 and PR-28-2005, March 28, 2005) The Federal banking and thrift regulatory agencies issued proposed guidance that would replace the current commercial loan classification system categories of "special mention," "substandard," and "doubtful" with a two-dimensional framework. The new rating system has one dimension that measures the risk of the borrower defaulting (borrower rating) and a second dimension that focuses on the loss severity the institution would likely incur in the event of the borrower's default (facility rating). Comments are due June 30, 2005.
Guidance on Response Programs for Security Breaches (PR-26-2005, March 23, 2005 and FIL-27-2005, April 1, 2005) The Federal banking and thrift regulatory agencies issued guidance that interprets the agencies' customer information security standards and states that financial institutions should implement a response program to address security breaches involving customer information. The guidance describes the appropriate elements of a response program, including customer notification procedures, and states that a financial institution should notify its primary Federal regulator of a security breach involving sensitive customer information, whether or not the institution notifies its customers.
Proposed Revisions to Community Reinvestment Act Regulations (FIL-21-2005, March 22, 2005) The Federal banking agencies issued proposed revisions that would raise the threshold for a "small bank" in the Community Reinvestment Act (CRA) regulations from $250 million to under $1 billion in assets, regardless of any holding company size or affiliation. A new "Community Development Test" would be added for banks with at least $250 million and less than $1 billion in assets ("intermediate small banks") that would be separately rated in CRA examinations. The proposal would expand the definition of community development to include activities such as affordable housing in underserved rural areas and designated disaster areas. The proposal also would address the adverse effect of discriminatory or other illegal activities on bank CRA ratings. Comments were due May 10, 2005.
Frequently Asked Questions and Statement on Independent Appraisal and Evaluation Functions (FIL-20-2005, March 22, 2005) The Federal banking, thrift, and credit union regulatory agencies issued a statement that clarifies and serves as a reminder of the existing standards for independence within the appraisal and real estate lending regulations. This document was developed in response to questions from financial institutions about these regulations, including questions about selecting an appraiser, ordering an appraisal, accepting a transferred appraisal, reviewing appraisals, and evaluation and other appraisal topics.
Revised Payday Lending Examination Guidance (FIL-14-2005, March 1, 2005, and PR-19-2005, March 2, 2005) The Federal Deposit Insurance Corporation (FDIC) issued revised examination guidance on payday lending programs. The revisions provide more specific guidance to FDIC-supervised institutions to ensure that this high-cost, short-term credit product is not provided repeatedly to customers with longer-term credit needs.
Advisory on Confidentiality of Supervisory Ratings (FIL-13-2005 and PR-18-2005, February 28, 2005) The Federal banking and thrift regulatory agencies issued an advisory that reminds financial institutions they are prohibited by law from disclosing CAMELS rating and other nonpublic supervisory information without permission from the appropriate Federal banking agency.
Final Guidance on Overdraft Protection Programs (FIL-11-2005 and PR-11-2005, February 18, 2005) The Federal banking, thrift and credit union regulatory agencies issued final joint guidance to assist insured depository institutions in the disclosure and administration of overdraft protection programs. The guidance details safety and soundness considerations, outlines pertinent Federal regulations, and lists industry best practices.
Recommendations Sought for Reducing Regulatory Burden (FIL-8-2005, February 3, 2005) The Federal banking and thrift regulatory agencies asked for recommendations on how to reduce the regulatory burden in 28 rules relating to Money Laundering, Safety and Soundness and Securities. Comments were due by May 4, 2005.

This was the fourth in a series of requests that are part of the agencies' effort to identify and eliminate regulatory requirements that are outdated, unnecessary, or unduly burdensome pursuant to the Economic Growth and Regulatory Paperwork Reduction Act of 1996. For more information, visit
Implementation of Web-Based Central Data Repository for Bank Financial Data (PR-4-2005, January 28, 2005) The Federal banking agencies announced a new implementation plan for the Central Data Repository (CDR)—an Internet-based system created to modernize and streamline how the agencies collect, validate, manage, and distribute financial data submitted by banks in quarterly Call Reports. While banks will not be required to submit Call Report data to the CDR until October 2005, the agencies plan to make the CDR available for testing by banks and software vendors early this summer.
Video Seminar on Deposit Insurance Coverage for Bank Employees (FIL-1-2005, January 14, 2005) The video, targeted for bank employees, explains the FDIC's deposit insurance coverage rules and requirements for all account ownership categories.
Disposal of Consumer Information (PR-128-2004, December 21, 2004, and FIL-7-2005, February 2, 2005) The Federal banking and thrift regulatory agencies issued interagency rules to require financial institutions to adopt measures for properly disposing of consumer information derived from credit reports. These rules, which take effect July 1, 2005, implement Section 216 of the Fair and Accurate Credit Transactions Act of 2003 by amending the Interagency Guidelines Establishing Standards for Safeguarding Customer Information.
Study on "Account Hijacking" Identity Theft and Suggestions for Reducing Online Fraud (FIL-132-2004, and PR-125-2004, December 14, 2004) This FDIC study outlines the problem and suggests steps to reduce online fraud, including upgrading existing password-based single-factor customer authentication to two-factor customer authentication; using scanning software to identify and defend against phishing attacks; strengthening consumer educational programs; and continuing to emphasize information-sharing among the financial services industry, government agencies, and technology providers.
Fair and Accurate Credit Transactions Act Effective Dates (FIL-130-2004, December 13, 2004) The Fair and Accurate Credit Transactions Act of 2003 (FACT Act) amended the Fair Credit Reporting Act (FCRA) in December 2003 and includes new provisions that impact the credit reporting system and the prevention of identity theft. These provisions will be implemented through regulations and other self-executing provisions, and this letter explains the FDIC's compliance expectations for both.
Guidance for the Purchase and Risk Management of Life Insurance (FIL-127-2004, December 7, 2004) The Federal banking and thrift regulatory agencies issued a statement that details the risk management practices institutions should use when purchasing and holding bank-owned life insurance (BOLI), including prepurchase analysis, senior management and board oversight, guidance on split-dollar arrangements, and the use of life insurance as security for loans. An appendix describes the types of life insurance commonly purchased and contains a glossary of BOLI-related terms.
Performing Due Diligence When Selecting Computer Software or a Service Provider (FIL-121-2004, November 16, 2004) This FDIC guidance states that financial institutions are expected to ensure the software or service providers they select comply with provisions of the Bank Secrecy Act, including the USA PATRIOT Act, and other applicable laws and regulations. Management should perform adequate due diligence before commercial off-the-shelf software or vendor-supplied software products are purchased and on an ongoing basis afterward.
New Guidance on Evaluating Operations and Wholesale Payment Systems (FIL-119-2004, November 10, 2004) The Federal Financial Institutions Examination Council (FFIEC) issued booklets with guidance on evaluating financial institutions' technology operations and assessing the risks applicable to wholesale payment systems activities. These two booklets are the last in a series of updates to the 1996 FFIEC Information Systems Examination Handbook, which is now retired. The entire series of booklets is available at
Guidance on the Risk Management of Free and Open Source Software (FOSS) (FIL-114-2004, October 21, 2004) The Federal Financial Institutions Examination Council (FFIEC) issued guidance to help institutions identify and implement appropriate risk management practices when they acquire and use FOSS, which refers to software that users are allowed to run, study, modify, and redistribute without paying a licensing fee. The Federal banking agencies believe the risks associated with using FOSS are not fundamentally different from the risks presented by proprietary or self-developed software.
Consumer Information on Avoiding Overdraft and Bounced-Check Fees (PR-107-2004, October 14, 2004) The Federal banking, thrift, and credit union regulatory agencies announced the publication of a new consumer resource, Protecting Yourself from Overdraft and Bounced-Check Fees. The brochure's key message to consumers is that the best way to avoid overdraft and bounced-check fees is to manage accounts wisely. That means keeping an up-to-date check register, recording all electronic transactions and automatic bill payments, and monitoring account balances carefully.