SPST-0202 Recordkeeping for Timely Deposit Insurance Determination (Revised )

Download: docx | pdf

SUPPORTING STATEMENT

“Recordkeeping for Timely Deposit Insurance Determination”

(OMB Control No. 3064-0202)

INTRODUCTION

The Federal Deposit Insurance Corporation (FDIC) is submitting for Office of Management and Budget (OMB) review a final rule entitled Recordkeeping for Timely Deposit Insurance Determination (“final rule”). The final rule imposes information technology system and recordkeeping requirements on insured depository institutions with two million or more deposit accounts (“covered institutions”). As of the second quarter of 2016, 38 insured depository institutions would be covered by the final rule. Subject to Congressional review, the final rule will become effective on April 1, 2017.

Under the final rule, covered institutions will need to adopt new and enhance existing recordkeeping and information technology systems to facilitate the FDIC’s determination of deposit insurance coverage for depositors in the event of the covered institution’s failure. Covered institutions can obtain relief from certain of the final rule’s requirements under specific circumstances if conditions are met or if a written request is granted by the FDIC. Beginning three years after the final rule’s effective date, covered institutions will need to certify annually that they satisfy the recordkeeping and information technology requirements. Along with that certification, they will need to provide a summary report detailing the extent to which the covered institution’s information technology system can calculate deposit insurance coverage available in connection with each deposit account.

The FDIC is requesting OMB approval to establish a new information collection (OMB Control No. 3064-0202) comprised of reporting and recordkeeping requirements announced in the notice of proposed rulemaking which are now being implemented in the final rule.

A. JUSTIFICATION

1. Circumstances and Need

Under the FDI Act, the FDIC is responsible for paying deposit insurance “as soon as possible” following the failure of an insured depository institution (“IDI”).¹ It must also implement the resolution of a failed IDI at the least cost to the Deposit Insurance Fund.² To pay deposit insurance, the FDIC uses a failed IDI’s records to aggregate the amounts of all deposits that are maintained by a depositor in the same right and capacity and then applies the standard maximum deposit insurance amount (“SMDIA”) of $250,000.³ As authorized by law, the FDIC generally relies on the failed institution’s deposit account records to identify deposit owners and the right and capacity in which deposits are maintained.⁴ The FDIC has a right and a duty under section 7(a)(9) of the FDI Act to “take such action as may be necessary to ensure that each IDI maintains, and the [FDIC] receives on a regular basis from such institution, information on the total amount of all insured deposits, preferred deposits and uninsured deposits at the institution.”⁵

Deposits have become more concentrated in large IDIs. From 2008 through 2014, the largest number of deposit accounts held at a single IDI increased 42 per cent, and the number of deposit accounts at the ten IDIs having the most deposit accounts increased 25 percent. The increased concentration of deposits is partly a function of the IDIs’ internal growth, but it is also attributable to acquisitions during this time period. As a result of this concentration, many IDIs are even more complex than before, resulting in greater potential for significant internal IT systems disparities as well as data accuracy and completeness problems. Larger institutions are generally more complex, have more deposit accounts, greater geographic dispersion, more diverse systems, and more data quality issues. Because the perception that FDIC could be delayed in making deposit insurance determinations in the event of the failure of an IDI could lead to bank runs or other systemic problems, the FDIC believes that improved strategies must be implemented to ensure prompt deposit insurance determinations upon the failure of an IDI with a large number of deposit accounts. The FDIC believes that requiring covered institutions to enhance their deposit account data and upgrade their IT systems would address many of these issues as the FDIC would be able to perform the deposit insurance determination on all or a significant subset of those covered institutions’ deposit accounts without the significant delay that could be occasioned by a data transfer to the FDIC.

2. Use of Information Collected

The information collected under the final rule will be used by the FDIC to determine the amount of deposit insurance available to each depositor for each of its deposit accounts in the event of a covered institution’s failure. Much of this information is already collected by all IDIs under existing statutory or regulatory requirements. The final rule would impose a new information collection requirement to the extent that covered institutions must maintain in their deposit account records the information that is needed by the FDIC to make a deposit insurance determination, and to the extent that covered institutions would need to keep their deposit account records in a format that is accessible by the FDIC, using a covered institution’s IT system, in the event of a covered institution’s failure.

The FDIC will also collect from each covered institution, on an annual basis, a certification that the covered institution is in compliance with the final rule’s requirements as well as a summary deposit insurance coverage report that demonstrates the extent to which the covered institutions IT system can be used to calculate deposit insurance coverage for the institution’s deposit accounts. The FDIC will collect requests for relief from covered institutions, which will include information that substantiates the covered institution’s inability to comply with the final rule’s requirements.

3. Use of Technology to Reduce Burden

The final rule is premised upon covered institutions’ use of technology to make the required reports and to maintain the required records.

4. Duplication of Information

The information that the FDIC would collect from covered institutions to verify compliance with the final rule’s requirements, or that substantiates a covered institution’s request for relief, is not available by other means. The reporting and recordkeeping requirements in the final rule are new and are not unnecessarily duplicative.

5. Minimizing the Burden on Small Banks

The final rule will not impact small banks. By definition, a covered institution is an IDI that has two million or more deposit accounts. None of the potential covered institutions would be a small bank.

6. Consequences of Less Frequent Collection

Less frequent collection of such information could result in a lesser degree of compliance with the final rule’s requirements and would not be as helpful to the FDIC’s preparation to make a prompt deposit insurance determination in the event of a covered institution’s failure. If this information were collected less frequently, then the FDIC would have a lower level of confidence that a covered institution maintains accurate and complete deposit records and has an IT system that would facilitate the FDIC’s timely deposit insurance determination process upon the covered institution’s failure.

7. Special Circumstances

None.

8. Consultation with Persons Outside the FDIC

The FDIC published an Advanced Notice of Proposed Rulemaking (ANPR) in the Federal Register seeking comment on April 28, 2015 (80 Fed. Reg. 23478). The FDIC received ten comment letters from trade associations, IDIs, a law firm, companies which provide services to IDIs, and individuals. FDIC staff also participated in meetings and conference calls with financial services industry representatives. The FDIC considered these comments during its development of the proposed rule.

Following the ANPR, the FDIC developed and, in February of 2016, published in the Federal Register a notice of proposed rulemaking (NPR) entitled “Recordkeeping for Timely Deposit Insurance Determination.” The NPR’s comment period expired on June 27, 2016. The FDIC received 14 comment letters from IDIs, industry trade associations, financial intermediaries, mortgage servicing companies, technology firms, an industry consultant and an individual. In addition, FDIC staff participated in meetings or conference calls with industry representatives related to the comments. The FDIC considered all of the comments it received when developing the final rule. Generally, the issues raised by the commenters may be categorized under the following topics: (A) the need for regulation; (B) expected effects of the proposed rule; (C) possible alternatives to the proposed rule; (D) problems with the proposed rule’s requirements; and (E) possible adverse consequences. The comments and responses to each of these topics are discussed below.

1. Comments concerning the need for regulation

The commenters generally agree that it is important for depositors to have prompt access to their insured deposits in the event of the failure of a large and complex IDI. However, some commenters contended that the proposed rule is unnecessary because covered institutions are unlikely to fail. One commenter remarked that the likelihood of failure is “essentially zero.” This commenter maintained that it is more likely that market forces and the FDIC’s enforcement powers and supervisory authority would solve the problems of a large institution before failure. This commenter also asserted that, even if failure did occur, a transaction in which all deposits are assumed by another institution would be the least costly resolution, thereby avoiding the need for a deposit insurance determination. The payment of all uninsured deposits would preserve the failed bank’s franchise value, this commenter argued, while adherence to deposit insurance limits could cause runs at other financial institutions and be systemically disruptive. Another commenter suggested that it would be “unlikely” that the FDIC would use a straight deposit payoff, an insured deposit transfer, or a deposit insurance national bank to resolve a large bank. Similarly, other commenters posited that, if a covered institution were to fail, then an all-deposit purchase and assumption transaction would be the least costly resolution, thereby avoiding the need for a deposit insurance determination.

While the likelihood of any particular covered institution’s failure may be low at a given point in time, history suggests that the financial condition of institutions that are perceived to be in good health can deteriorate quickly and with little notice. In 2008 and 2009, several large insured depository institutions failed, including IndyMac Bank and Washington Mutual Bank. In general, very large IDIs generally rely on credit-sensitive funding more than smaller IDIs do, which makes them more likely to suffer a rapid liquidity-induced failure.

The contention that warning signs will give the FDIC sufficient notice to plan for resolution of a covered institution and the related argument by another commenter that the “FDIC has provided absolutely no evidence that a large bank…has ever failed with little prior warning” is also controverted by the events of the recent banking and financial crisis. The financial condition of several large and complex financial institutions deteriorated very rapidly in 2008. Numerous academic studies, articles, Congressionally sanctioned reports, other government-sponsored reports, and Congressional testimonies (including those from FDIC officials), have documented that short term funding challenges rapidly caused distress at banks during the last financial crisis (resulting in either bank failure or government intervention to prevent failure, as in the case of Wachovia Bank and Citibank). This dynamic, present in the failure of Washington Mutual, for example, increases the risk that the FDIC will have less lead time to prepare for determining whether deposits are insured or uninsured.⁶

While certain post-crisis reforms have resulted in a more resilient banking system with stronger liquidity and capital, the effect of these reforms has not been tested in a crisis. These post-crisis reforms mitigate but do not eliminate the risk of failure. Moreover, other post-crisis reforms have limited the FDIC’s authority to provide assistance to an open bank.⁷ Post-crisis reforms restrict the FDIC’s authority to provide a guarantee of open bank and bank holding company debt in a crisis in order to bolster liquidity by requiring Congressional approval. In contrast, during the most recent crisis the FDIC was able to provide guarantees through the Temporary Liquidity Guarantee Program under then-existing statutory authority.

The contentions that, even if a large bank did fail, a transaction in which all deposits are assumed by another institution or in which all assets are purchased and deposit liabilities assumed would be the least costly resolution (thus avoiding the need for a deposit insurance determination), or that it would be “unlikely” that the FDIC would use a straight deposit payoff, an insured deposit transfer, or a deposit insurance national bank to resolve a large bank are again controverted by the facts. The contentions assume that some institution will always be willing to assume deposits, which is not the case. Since 2008, the FDIC has conducted 36 resolutions where an all-deposit assumption transaction could not be arranged. As a result, deposit insurance had to be determined and paid in connection with each of those resolutions. Moreover, the sheer size of many covered banks limits the number of institutions that could even consider purchasing all assets and assuming all deposits (or simply assuming all deposits), thus further increasing the chances that a deposit insurance payout or a bridge bank will be the least costly alternative.⁸ To use these resolution methods, the FDIC must be able to make a deposit insurance determination.

Moreover, a former Chairman of the FDIC publicly shared his reaction to the suggestion that the FDIC would never need to determine deposit insurance for the largest banks, stating that the suggestion was “in effect, proposing 100% deposit insurance at banks, which would sound the death knell for any pretense of market discipline and a private sector banking system.” He stated that, historically, the FDIC “had no ability to deal with large bank failures in any way other than by recapitalizing them or merging them into even larger banks if [the FDIC] couldn't quickly segregate the uninsured deposits from the insured. Without this information, the FDIC might as well throw in the towel on instilling private sector discipline in the banking system.” ⁹ The possibility of failure must exist to maintain market discipline and avoid moral hazard.

Some commenters assert that additional regulation is unnecessary because the FDIC’s informational needs for a deposit insurance determination are already addressed in its current regulation at 12 C.F.R. § 360.9. The current approach under § 360.9 is not adequate and additional regulation is necessary for two reasons. First, as discussed in Section II.C of the preamble to the final rule, Need for Further Rulemaking, the informational and provisional hold aspects of § 360.9 are inadequate for the largest depository institutions. The institutions covered by § 360.9 are permitted to populate the data fields by using only data elements currently maintained in-house. If the institution does not maintain the information to complete a particular data field, then a null value can be used in that field. As a result of this discretionary approach, these institutions’ standard data files are frequently incomplete. The provisional holds capability falls short because § 360.9 requires these institutions to maintain the technological capability to automatically place and release holds on deposit accounts if an insurance determination could not be made by the FDIC by the next business day after failure. Although provisional holds allow depositors’ access to a portion of their total deposit while the insurance determination is being finalized, the hold does not facilitate a faster or more efficient insurance determination.

Second, because deposit data files must be transmitted to the FDIC, standardized by FDIC staff, and then processed on the FDIC’s IT system, deposit insurance determination is still a very time consuming and manually intensive endeavor that does not allow for deposit insurance to be determined as quickly as it could be under the approach taken in the final rule. While § 360.9 would assist the FDIC in fulfilling its legal mandates regarding the resolution of failed institutions subject to that rule, the FDIC believes that if one of the largest IDIs were to fail with little prior warning, additional measures would be needed to ensure the prompt and accurate payment of deposit insurance to all depositors.

Beyond the constraints apparent in § 360.9, significant resources are needed to collect and standardize the information needed to process the high volume of accounts a covered institution has in a manner that will avoid significant disruption to depositors and the payment system. Processing deposit accounts after gathering needed information can take significant time after failure as well. As the amount of time needed to gather information from a depositor increases, the speed of insurance payment to that depositor decreases. Delays in processing deposit insurance determinations at banks with millions of deposit accounts would likely be more significant than the delays imposed during past resolutions of smaller banks. For example, in the wake of IndyMac’s failure, it took FDIC staff significant time and resources to complete deposit insurance determinations for many formal revocable trust and irrevocable trust accounts. Public reaction to significant delays in payment of even larger numbers of deposits is unknown, but given the level of public anxiety after the failure of IndyMac Bank, it is reasonable to believe that the fear of loss on deposits could be even greater. The reporting required under the final rule will help the FDIC prepare to make deposit insurance determinations after the failure of a covered institution.

Several commenters assert that there is no need for covered institutions to maintain account information that duplicates or overlaps with information already maintained outside the institution by account holders who can provide the information expeditiously in the event of the institution’s failure. These commenters believe that a two-pronged approach by which prompt payment is made to most depositors and later payment is made to certain other depositors once the required information has been received has had no negative effect on public confidence in deposit insurance and the banking system. To a large extent, the final rule accommodates this concern by limiting the recordkeeping requirements for certain types of deposit accounts for which covered institutions do not already maintain the information needed for deposit insurance determination (see discussion below).

The evolution of deposit products and relationships has rendered current regulatory standards less effective in facilitating rapid deposit insurance determination. Account features and customer use and expectations have changed. Immediate and continuous access to deposit accounts is more common now than in the past. Deposit accounts are increasingly used by beneficial owners of deposits who are not the named account holder (e.g., MMDAs associated with brokered sweep accounts and prepaid card programs administered by a third party that places deposits at an IDI on behalf of the cardholders). Also, demand deposit accounts held in connection with revocable trusts are used more commonly. Because these accounts are transactional, those depositors expect to have immediate access without regard for the respective institution’s failure. Checks outstanding at the time of failure need to be processed and either paid or returned in a timely manner, often no more than a few business days, in order to avoid cascading consequences across the payments system. However, it could take time after failure for the FDIC to gather the information needed to make a deposit insurance determination for the deposit accounts that those checks are drawn upon. The final rule seeks to minimize the amount of time needed to make deposits in those accounts accessible so that the impact on depositors and the payments system in general is minimized.

Some of the commenters maintain that the FDIC should develop its own IT system capabilities to handle deposit insurance determinations at an institution of any size. One advocated for the development and use of a single insurance calculation system to be deployed at every covered institution, while another discussed the use of a custodial facility to reconcile depositor data transmitted by the institution with data transmitted by financial intermediaries. As described in the Alternatives Considered section of the preamble, the FDIC considered developing a system to rapidly transfer all deposit data from a failed IDI’s IT system to the FDIC for processing in order to calculate and make deposit insurance determinations but determined that the challenge of absorbing the deposit system or systems of a large, complex institution quickly enough to produce prompt insurance determinations is practically infeasible.

2. Comments concerning the expected effects of the rule

Several commenters challenged the conclusions and methodology of the FDIC’s analysis of the proposed rule’s expected effects. One commenter remarked that the “proposed rule would impose unnecessary costs without delivering any benefit” and that the FDIC “almost certainly has grossly underestimated the cost to the affected banks of implementing and maintaining deposit-account aggregation as specified in the NPR.” Commenters criticized different cost components of the analysis, including whether the model was up-to-date, captured the impact of the rule on all market participants, and the assumptions and robustness of the model. The comments and FDIC’s response are described below.

Expected Costs

FDIC costs: One commenter noted that the NPR did not include costs to the FDIC. The FDIC estimates that this rule will require as many as 15 full-time equivalent employees to assist with implementation of the regulation. ¹⁰ The present value of these costs at a 3.5 percent discount rate for 30 years increases the estimated cost of the rule by approximately $36 million.¹¹ The costs of these employees include wages, benefits, and taxes, and are adjusted for inflation. The FDIC believes this is a conservative estimate as it anticipates that administration of the rules will require less effort over time.

Costs to depositors: Commenters noted that the NPR did not include the costs that depositors will incur updating or providing account information to covered institutions. The FDIC believes that the number of accounts where depositors will be asked to provide account information is significantly reduced from the NPR given the alternative recordkeeping requirements provided for in the final rule. Even so, the FDIC estimates that the cost to depositors will be approximately $56 million. In calculating this estimate, the FDIC assumes a 100 percent response rate by depositors with a level of effort (LOE) for depositors equal to the LOE of the covered institutions and the average national wage rate of $27 per hour. ¹² Depositors are not required to provide account information, however, and the FDIC expects that some depositors will not provide it. A depositor who provides the account information reveals that he or she perceives that the benefit of providing the information exceeds the cost of doing so.

Costs to intermediaries: Some commenters criticized the FDIC’s cost estimate because it did not include the potential impact on other market participants, including administrators, custodians, and sub-custodians. In response to comments discussed elsewhere in this preamble, the final rule provides alternative recordkeeping requirements for certain deposit accounts. The FDIC expects that the cost to intermediaries will be negligible given the alternative recordkeeping requirements provided under the final rule.

Number of Deposit Accounts: Several commenters criticized the FDIC’s analysis on the grounds that it was based on outdated information, and it included some banks that would not be covered by the NPR and excluded some banks that would be covered. Based upon comments received on the NPR and taking into consideration the banks that amended their Call Reports to reflect a deposit account total under the two million threshold, the FDIC updated its model using June 30, 2016 Call Report data, adding banks that will be subject to the final rule and removing banks that are no longer expected to be subject to the final rule. The number of covered institutions increased from 36 to 38, and the number of deposit accounts rose by 4.7 percent. This update, by itself, added approximately $6.4 million to the estimated cost of the rule.

Ongoing Costs: The FDIC’s cost estimate was also criticized as not addressing the ongoing costs of compliance or considering anti-competitive effects. Some commenters argued that the FDIC failed to take into consideration ongoing costs; other commenters argued that the FDIC’s estimate of these costs was too low. The FDIC agrees to an extent. The FDIC did not receive any evidence that its estimate for one year of ongoing costs was too high; however, it did update its estimate to include costs incurred in later years. The FDIC extended the horizon for annual ongoing costs by calculating the present value of these costs over a 30-year horizon at a 3.5 percent discount rate. ¹³ This re-calculation raises the estimated cost of ongoing operations from $2.9 million to approximately $55 million.

Costs and Risks of Data Breaches: Several commenters stated that the additional information maintained by banks as a result of this final rule would increase the risk and cost of data breaches. As stated in the NPR, covered institutions already maintain significant amounts of personally identifiable information (PII) on their depositors. The final rule does not require covered institutions to bring records in-house that currently are permitted to reside outside the institution with the account holder or other designated third party. Consequently, the FDIC believes that cybersecurity concerns do not provide sufficient justification against adoption of the final rule.

Foreign Deposits: One commenter stated that the rule should not cover foreign deposits. The rule does not cover foreign deposits and the cost calculations take into account only domestic deposit accounts.

Misinterpretation of Rule Requirements: Several commenters stated the costs of the final rule would be orders of magnitude higher than the FDIC’s estimate as they believed the rule would require them to collect or report changes to beneficial ownership and account balances on a daily basis. The proposed rule did not contain any such requirement. The final rule does not require daily collection or reporting but rather periodic demonstrations that covered institutions can promptly provide deposit account information to the FDIC. In any event, the final rule sets forth alternative recordkeeping requirements that can be met to satisfy the rule with respect to accounts insured on a pass-through basis and certain deposit accounts held in connection with formal trusts.

Model Robustness to Changes in Assumptions: One commenter stated that the costs in the model are sensitive to the assumptions used by the FDIC. The FDIC did not receive any information that would indicate that its assumptions are inappropriate. Further, this comment ignored the effect that changing assumptions has on the benefits of the rule, which also rise with the banks’ difficulty in obtaining accurate account information. For example, assuming that the percentage of accounts with insufficient deposit records will be higher would raise the costs of the rule, but it would also increase the benefits of the rule because, absent the final rule, a higher percentage of accounts with missing or incorrect information would likely further delay an insurance determination.

Reliability of Cost Estimate: The NPR noted that even if actual compliance costs turned out to be twice the projected cost, such costs would still be relatively small in the context of the size, annual income, and expenses of covered institutions. Referring to this statement, one commenter stated that the “margin of error in the estimate could be as much as 100 percent.” The FDIC recognizes that no model will perfectly capture all of the costs associated with this rule. Doubling the estimated costs merely demonstrates the robustness of the FDIC’s cost estimate. Moreover, none of the commenters proposed an alternative model or provided their own compliance cost data. The FDIC invited the submission of such information when it issued the ANPR and the NPR.

Relative Costs for Smaller Institutions: Another commenter states that the FDIC's compliance cost estimates do not accurately reflect the burden the proposed rule would place on covered institutions and that compliance burdens would fall disproportionately on smaller institutions, which do not have the economies of scale to absorb the costs. This commenter suggests that the FDIC provide a cost calculation that stratifies the financial impact of the proposal by total deposits, so that the actual costs relative to size, other expenses, and earnings can be accurately assessed. One commenter noted that, while the costs of the rule relative to revenue and expenses are very small for covered institutions as a whole, this is because of the outsized influence of large banks on aggregate revenue and expenses. While the FDIC recognizes that the cost of the rule per account and as a percentage of assets, revenue and expenses will be higher for relatively smaller covered institutions and, while it considered these costs when determining whether to adopt the final rule, the FDIC concluded that incomplete deposit account information at institutions with two million or more deposit accounts poses an unacceptable risk to the DIF and depositors. However, institutions can submit a request to the FDIC for an exemption from the final rule if their deposit-taking business model does not pose a significant risk to the DIF or depositors because all deposits they accept are fully insured. Moreover, the primary determinant of the costs of the rule per institution is not likely to be the size of the institution, but rather the quality of its current IT system for deposit record-keeping. Those institutions with more robust and accurate record-keeping systems will incur fewer costs. Those with less robust and less accurate record-keeping systems will incur greater compliance costs.

Expected Benefits

Multiple commenters argued that the FDIC should quantify the expected benefits of the final rule. None of the commenters provided their view on the quantitative benefits of the rule. Because there is no market in which the value of these public benefits can be determined, it is not possible to quantify or estimate these benefits with precision.

Some commenters questioned the benefits that the rule would provide. One individual argued that the rule would not deliver any benefit. One group of trade associations described the expected benefits as “marginal,” and another individual described the rule as providing little benefit. The commenters offered minimal explanation of their positions on the expected benefits apart from speculating that the failure of one of these large institutions was unlikely, notwithstanding the events of the recent financial crisis. In the FDIC’s view, the final rule provides many benefits, as explained in the Expected Benefits and Need for Further Rulemaking sections of the preamble.

3. Comments concerning possible alternatives to the proposed rule.

As described in the Alternatives Considered section of the preamble, the FDIC considered a number of alternatives in developing the proposed and final rule, including: (i) adjusting thresholds above or below the proposed two million accounts; (ii) excluding certain account types; (iii) maintaining the FDIC’s current approach to deposit insurance determinations (status quo); (iv) developing an internal FDIC IT system and transfer processes capable of subsuming the deposit system of any large covered IDI in order to perform deposit insurance determinations; and (v) simplifying deposit insurance coverage rules. The FDIC received comments on these alternatives as described below.

In deciding which institutions would be subject to the final rule, the FDIC considered thresholds above and below two million deposit accounts. The FDIC received one comment on this alternative. The commenter suggested that the threshold should include both the number of accounts and total dollar amount of deposits, and suggested that threshold for the number of accounts should be higher – 10 million accounts. Raising the threshold would decrease the costs of the rule on the industry because fewer institutions would be covered, but would also increase the risk that the FDIC would be operationally unable to make timely and accurate deposit insurance determinations for large institutions and limit the FDIC’s resolution options, thereby potentially increasing its loss.

Several commenters argued that it would be too costly to impose additional recordkeeping requirements for certain types of deposit accounts. The FDIC recognizes that information needed for deposit insurance purposes may reside outside an IDI and the final rule does not require that covered institutions collect additional information from account holders.

Some commenters supported maintaining the status quo and considered existing regulatory standards (specifically § 360.9) to be adequate. Adoption of § 360.9 was an important step toward resolving a large depository institution in an efficient and orderly manner. However, as stated above, while § 360.9 would assist the FDIC in fulfilling its legal mandates regarding the resolution of a failed institution that is subject to that rule, the FDIC believes that if the largest of depository institutions were to fail with little prior warning, additional measures would be needed to ensure the prompt and accurate payment of deposit insurance to all depositors.

The FDIC received a comment supporting the alternative in which the FDIC creates a software solution to calculate and make deposit insurance determinations to be deployed at all covered institutions. The FDIC finds that alternative is not feasible, given the challenge of creating one program to accommodate the different and bespoke deposit systems of all covered institutions.

4. Comments concerning the proposed rule’s requirements.

Problems associated with beneficial ownership information. One commenter stated that requiring a large amount of beneficial owner data to be collected on a daily basis would be superfluous because the FDIC would only need to use the data for deposit insurance determinations if and when a covered institution failed. Moreover, requiring daily updates on beneficial customer data would result in high costs and risk customer dissatisfaction. Generally speaking, beneficial ownership of deposits placed in covered institutions relies upon the principles of agency law or fiduciary relationships to provide “pass-through” deposit insurance coverage to the beneficial owners of those accounts. In most circumstances, the agents, fiduciaries, custodians or other accountholders maintain the requisite beneficial ownership data in their own records, and presumably, those accountholders update their records as necessary, including on a daily basis, as ownership of the underlying deposits changes. For example, as reported by the American Banker, Green Dot Bank has created a system that “provides real-time updates on Green Dot systems that are used to administer the Walmart MoneyCard program.”¹⁴ While the final rule requires a covered institution’s IT system to be capable of accepting and processing beneficial ownership data for all accounts on any given day, i.e., the day of the covered institution’s failure, the beneficial ownership information will not be required to be transferred and maintained on a daily basis at the covered institution provided that 12 CFR part 330 permits the recordkeeping associated with those deposit accounts to be maintained by an entity other than the covered institution. See, 12 CFR 330.5 and 12 CFR 330.7.

Some commenters remarked that having to submit requests for exceptions for individual account holders would be “senselessly cumbersome and grossly inefficient – including for the FDIC itself – considering that all or most covered banks would be expected to seek exceptions for certain classes or accounts.” The FDIC has considered the comments regarding the inefficiency as well as the burden to both the covered institutions and the FDIC of having to submit and process, respectively, requests for exceptions from the final rule’s requirements for each individual account holder for whom it would not be possible to obtain the requisite information. Therefore, the FDIC has revised its proposal to address this concern. As more fully described in Section III of the preamble, Description of the Final Rule, the final rule adopts a bifurcated approach to deposit account recordkeeping requirements based upon the recordkeeping procedures permitted by 12 CFR part 330. Under this approach, covered institutions will not be required to collect and maintain information for certain deposit accounts provided that 12 CFR part 330 allows the requisite information to be maintained by the account holder or some other third party. All of the deposit accounts that satisfy the recordkeeping criteria set forth in 12 CFR part 330 will be excepted from the final rule’s depositor information recordkeeping requirements and from the assignment of a unique identifier (except to the account holder). Furthermore, the assignment of an FDIC right and capacity code to such deposit accounts will not be required. Consequently, it will not be necessary for covered institutions to request exceptions for individual deposit accounts or for certain “classes” of deposit accounts provided that the relevant deposit account ownership information for those accounts is maintained in accordance with 12 CFR part 330.

Certain commenters pointed out that the proposed rule would be unduly costly, burdensome, and impracticable in the case of particular account holders, such as banks needing to obtain ownership and balance information from agents and other custodians who service payment cards issued by large corporations as checking and debit substitutes. One commenter expected that information for retirement plan participants would not be forthcoming from sponsors, fiduciaries and others involved in plan administration because participants’ interests change daily, there are multiple intermediaries from whom information would need to be collected, and because plan sponsors and fiduciaries won’t disclose participant information for fear of violating participants’ privacy and breaching fiduciary duties under the Employee Retirement Income Security Act of 1974 (“ERISA”).¹⁵ Another commenter contended that a lawyer’s disclosure of clients’ identities and interests in client trust accounts conflicts with ethical rules protecting confidential client information.

The commenters provided factual information and justifications to support their argument that various classes of deposit accounts should be excepted from the recordkeeping requirements of the final rule. In the end, the FDIC decided to align the deposit account recordkeeping requirements of this final rule with the permissive recordkeeping requirements set forth in 12 CFR 330.5 and 12 CFR 330.7. These two sections of the FDIC’s regulations address deposit account ownership (and recordkeeping) in the context of fiduciary relationships (as described in § 330.5) and which includes agents, nominees, guardians and custodians. Compliance with these recordkeeping requirements is necessary to ensure the availability of pass-through deposit insurance to the underlying beneficial owners of the deposits. The commenters presented various arguments for different types of pass-through deposits to support their request for “class” exceptions. The various types of deposit accounts identified by the commenters will be discussed below.

Retirement and other employee benefit plan accounts. For the reasons set forth above, the FDIC will consider these accounts to be subject to the alternative recordkeeping requirements of final part 370. Nevertheless, the covered institutions will be required to assign a unique identifier to the account holder. Covered institutions will also be required to maintain a “pending reason” code in their deposit account records for each account to comply with § 370.4(b)(1)(ii) of the final rule. The covered institutions should have procedures in place to obtain the necessary plan participant information as soon as possible after failure. Any delay in the receipt of the requisite information post-failure will adversely impact the FDIC’s ability to complete its deposit insurance determinations and disburse deposit insurance payments to the plan administrators.

Interest on Lawyer Trust Accounts and Real Estate Trust Accounts. Several commenters described the problems facing lawyers attempting to maintain current and accurate information regarding their clients’ identities and transactions associated with their Interest on Lawyer Trust Accounts (“IOLTA”) accounts. The commenters asserted that frequent, if not daily, deposits and withdrawals are made on behalf of various clients. Therefore, requiring the lawyers to provide up-to-date information on a daily basis would be “administratively difficult and costly” for the lawyers who are the account holders. Nevertheless, the American Bar Association Model Rule 1.15 requires lawyers to keep adequate records on IOLTAs for up to five years. Therefore, the lawyer or law firm (as the account holder) would be able to provide the necessary information regarding their clients, who are the beneficial owners of the deposit in the IOLTA account in a timely fashion. Moreover, the commenters pointed out that lawyers have a fiduciary duty to maintain the confidentiality of their clients’ sensitive and/or personal information. That duty could be compromised by routinely disclosing such information to a covered institution. The FDIC recognizes that FinCEN recently excepted IOLTAs and other lawyer escrow accounts from its customer due diligence final rule; it appears that FinCEN relied upon many of the same considerations that the FDIC has recognized.¹⁶ It is important to note, however, that FinCEN and the FDIC are addressing different problems through their respective rulemakings; i.e., the prevention of money laundering and timely deposit insurance determinations, respectively. Ultimately, the safeguards provided by the lawyers’ rules of professional responsibility to properly manage their IOLTA accounts coupled with the off-site recordkeeping allowed pursuant to § 330.5(b)(1) – (3) for fiduciary relationships justify the reduced deposit account recordkeeping requirements for IOLTA accounts.

The same commenters asserted that Real Estate Trust Accounts (“RETAs”) are very similar in structure and concept to IOLTAs, and therefore, should also be excepted as a class of deposits from the recordkeeping requirements of final part 370. RETAs represent another type of pooled, custodial account in which a title/escrow agent deposits funds from multiple clients; the funds are usually held for a short period of time until the clients’ real estate transactions are completed. The commenters argued that the daily updating of beneficial ownership information is more costly than any perceived benefits would be. Deposit account recordkeeping for RETAs is also subject to the off-site recordkeeping requirements of § 330.5(b)(1) – (3) for fiduciary relationships. Therefore, covered institutions will only be required to assign a unique identifier to the account holder and maintain a “pending reason” code in its deposit account records in accordance with § 370.4(b)(1)(ii).

Mortgage servicing accounts. The FDIC received several comments requesting that the recordkeeping requirements of the proposed rule be revised to allow relevant information regarding mortgagors whose payments are placed in a mortgage servicing account (“MSA”) to continue to be maintained with the mortgage servicing company rather than at the covered institution. FDIC staff met with representatives of the mortgage servicing industry who provided FDIC staff with a more comprehensive description of the typical transactions which occur in a mortgage servicing account. Moreover, they explained that there are safeguards which would make the need to access the funds in such an account on the first business day after a covered institution’s failure a low priority for the servicer. For example, payments of principal and interest are made in advance; mortgage servicing contracts require the servicer to maintain back-up liquidity sources; and while the transaction volume in these accounts is usually high, the deposit amounts allocated to individual beneficial owners are typically far less than the Standard Maximum Deposit Insurance Amount (SMDIA). The FDIC has considered the mortgage servicing industry’s representations. Moreover, mortgage servicing deposit accounts are expressly included in § 330.7(d) and are usually held by a mortgage servicing company in a custodial or fiduciary capacity. Therefore, the FDIC has concluded that MSAs maintained by a third party mortgage servicer must only comply with the recordkeeping requirements set forth in 12 CFR 370.4(b)(1). Nevertheless, MSAs for which the covered institution serves as the mortgage servicer must comply with the recordkeeping requirements set forth in § 370.4(a).

Brokered deposits and sweep accounts. One commenter asserted that the FDIC’s proposed rule would fundamentally change the law of brokered deposits as applied to covered institutions. This commenter argued that FDIC’s grant of an exemption or exception in the FDIC’s sole discretion would vest the FDIC with unlimited power to discourage or prohibit lawful acceptance by well-capitalized covered institutions of brokered deposits and other deposits placed on a pass-through insurance basis through deposit allocation sweep services. The commenter proposed revising the proposed rule’s exemption provision to clarify that it would apply to deposits received through a deposit allocation or sweep service in amounts that do not exceed the SMDIA. It also requested that the proposed rule expressly permit a custodian or sub-custodian, as account holder, to refuse to provide beneficial owner data for all deposits placed through a deposit placement network or cash sweep program, and that the FDIC would grant the exception based on such refusal without requiring a particularized showing for each of the custodian’s customers. Another commenter also recommended that the exception apply automatically to deposits placed in a covered institution by a non-covered institution through a deposit placement network. This would assure community banks that they would not be penalized if they participated in a deposit placement network.

A third commenter provided data concerning the scope and composition of brokered deposits and sweep programs as a subset of the entire banking industry’s deposit base. According to this commenter, as of March 31, 2016, there were $813 billion of brokered deposits reported on bank Call Reports; of this amount, approximately $350 billion were brokered CDs. This commenter also estimated that $350 billion of the $813 billion reported brokered deposits are in sweep programs. Finally, some sweep programs have qualified for exemption from classification as “brokered deposits” and are therefore not reported as such on the Call Reports of those banks. This commenter estimated that between $600 billion and $700 billion are on deposit at banks through these exempted programs. Therefore, almost 13 percent of all domestic deposits are held on a pass-through basis through broker-dealers or other banks through these various deposit programs. This commenter also asserted that the average sweep deposit balances and purchases of brokered CDs are substantially below the SMDIA.

As discussed above, brokered deposits – as part of a deposit placement network or as brokered CDs offered by or sweep programs sponsored by a broker-dealer – represent another type of deposit account where a fiduciary or some other agent or custodian is the account holder on behalf of beneficial owners. In recognition of the permissive recordkeeping requirements set forth in § 330.5, the final rule provides for “alternative recordkeeping” for those deposit accounts. The covered institutions are authorized to maintain their account records for brokered deposit accounts in accordance with the off-site and multi-tiered relationship methods set forth in § 330.5(b). The covered institutions will only be required to assign a unique identifier to the account holder which will be the entity placing the deposit(s) in the covered institution. The covered institutions will not be able to designate the appropriate right and capacity code because they will not have access to the requisite underlying information regarding the beneficial owners; consequently, they will need to maintain in their deposit account records information sufficient to populate the pending reason field in the Pending File that would be generated by the IT system as required under §370.4(b)(1) and Appendix B of the final rule.

Prepaid cards. One commenter argued for a class exemption for closed-loop and non-reloadable cards because funds paid in exchange for many of these types of cards are not FDIC-insured on a pass-through basis, bank collection of information on the owners of the cards is limited at best, and the cards are often easily transferrable (e.g., given to friends or relatives). As discussed in the preamble to the NPR (and acknowledged by the commenter), the funds paid to a merchant for a closed-loop (or merchant) card are not insured on a pass-through basis by the FDIC because “the funds are not placed into a custodial deposit account at an insured depository institution.”¹⁷ The FDIC’s General Counsel’s Opinion No. 8 (“GC Opinion”) affirms this principle by stating that the GC Opinion “does not address merchant cards because such cards do not involve the placement of funds at insured depository institutions.”¹⁸ The guidance provided in the GC Opinion “is limited to bank cards and other nontraditional access mechanisms, such as computers, that provide access to funds at insured depository institutions.”¹⁹

This commenter also advocated for a class exemption for open-loop cards. The commenter noted that there are practical limitations to obtaining beneficiary-level information given customers’ very real concern for data security and privacy. It emphasized that employers and government agencies are very sensitive to daily transmittal of PII and would prefer to maintain the information in their own systems. In addition, this commenter believed that it is highly unlikely that any individual would receive benefits on an open-loop payroll card or government benefits card in excess of $250,000. Finally, it pointed out that other Federal agencies (the Consumer Financial Protection Bureau, FinCEN) have issued regulations on prepaid cards (or imposed additional customer identification requirements) that may or may not complement the proposed rule’s requirements.

As discussed in the FDIC’s Frequently Asked Questions Regarding Identifying, Accepting, and Reporting Brokered Deposits (“FAQs”), companies that distribute financial products (such as prepaid cards) that provide access to funds at one or more IDIs would not satisfy the “primary purpose exception,” and consequently would be considered as “deposit brokers,” and the deposits underlying the prepaid cards would be brokered deposits.²⁰ Therefore, covered institutions which issue prepaid cards but employ a third party (a “program manager”) to administer the prepaid card program would be subject to the recordkeeping requirements set forth in § 330.5 and § 330.7. The depositor information that would be necessary to complete a deposit insurance determination would be maintained off-site and by a third party custodian or other agent.

Because prepaid cards are considered to be a type of brokered deposit, covered institutions would be expected to comply with the basic recordkeeping requirements applicable to other brokered deposits as described in § 370.4(b)(1) of the final rule. Furthermore, prepaid cards would be recognized as a brokered deposit with transactional features. Therefore, the requisite beneficial ownership information for all deposit accounts which are associated with prepaid card programs, whether administered by the covered institution (as the program manager) or by an unaffiliated third party, must be submitted to the FDIC upon failure of the covered institution so that the FDIC will be able to use the covered institution’s IT system to determine deposit insurance coverage within 24 hours after appointment as receiver. One comment letter stated that for a subset of prepaid card accounts, the covered institutions have represented that they will modify their deposit systems (in addition to other IT systems enhancements required by the final rule) to be able to receive “sensitive [PII] from employers and government agencies at the specific point in time of a bank resolution.” According to the commenter, this additional modification would allow employers or governments to maintain the accuracy and integrity of employee/beneficiary data on their own systems. As discussed previously, Green Dot Bank has already developed a system which provides real time updates related to WalMart’s MoneyCard program.²¹ These industry-driven technological innovations should facilitate the covered institutions’ ability to comply with this critical timing requirement.

The covered institutions will be permitted to rely on the alternative recordkeeping requirements set forth in § 370.4(b)(1) for any type of deposit account that meets the criteria set forth therein, i.e., the covered institution’s deposit account records disclose the existence of a relationship which might provide a basis for additional deposit insurance in accordance with 12 CFR 330.5 or 330.7 (a “§ 370.4(b)(1) account”). Nevertheless, the final rule will impose one condition upon a certain subset of these accounts. In order to ensure that the FDIC will be able to complete its deposit insurance determination for § 370.4(b)(1) accounts with transactional features over closing weekend, the covered institution must certify that the respective account holder(s) will be able to provide the necessary depositor/beneficial owner information to the FDIC upon failure of the covered institution so that the FDIC will be able to determine the deposit insurance coverage within 24 hours of the FDIC’s appointment as receiver. The requisite depositor information for these § 370.4(b)(1) accounts must be received by the FDIC so that they will be part of the initial deposit insurance determination process. Examples of such deposit accounts include, but are not limited to: IOLTAs, brokered deposits with associated sweep accounts, and prepaid cards. For purposes of part 370, deposits placed by third parties that would otherwise be identified as brokered deposits but for the “primary purpose exception” as described in § 337.6(a)(5)(ii)(I) are nevertheless subject to the 24 hour requirement set forth in § 370.5(a).

If these deposit accounts are not part of the initial deposit insurance determination, then the FDIC would be required to place holds on the funds in those accounts until the necessary information is received and processed. As a result, the beneficial owners of these § 370.4(b)(1) accounts will not have access to their funds on the next business day after the covered institution’s failure. It is possible that for some depositors, this delay would create a hardship; the inability to access their funds could result in returned checks and an inability to handle their day-to-day financial obligations. In the event that a covered institution is unable to certify that it will be able to provide the required information regarding the § 370.4(b)(1) accounts within the 24 hour time frame, then the covered institution will have to request an exception from the FDIC for noncompliance with the time frame requirement. It is unlikely, however, that the FDIC will grant exceptions from the 24 hour requirement in the context of prepaid card accounts. Additionally, if the covered institution serves as the program manager of a prepaid card program, then the recordkeeping requirements of § 370.4(a) would apply; consequently, the covered institution would be expected to have the requisite beneficial owner (or prepaid card holder) information within the covered institution’s deposit account records.

Trust accounts. Although deposit insurance coverage for trust accounts is not dependent upon the principle of pass-through insurance, issues concerning the identification of the beneficiaries of a trust and their respective interests create a similar problem for covered institutions, and ultimately for the FDIC, when faced with making such deposit insurance determinations. Several commenters contended that covered institutions, regardless of client base, would satisfy at least one, if not all three, of the criteria identified as warranting an exception under §370.4(c) of the proposed rule for these types of accounts; i.e., the covered institution does not maintain information identifying the beneficial owner(s) and the account holder has refused to provide such information, disclosure of such information is protected by law or by contract, and information concerning the beneficiaries changes frequently and updating the information is neither cost effective nor technologically practicable. They stated that trustees are bound by common law and statutory fiduciary duties to keep certain information confidential, including PII such as the names and Social Security Numbers (“SSNs”) of the trust beneficiaries. The fiduciary duties of loyalty and confidentiality are the basis for allowing a Certification of Trust (provided for by § 1013 of the Uniform Trust Code), “to protect the privacy of a trust instrument by discouraging requests from persons other than beneficiaries for complete copies of the instrument in order to verify a trustee’s authority.” These commenters further believed (based upon anecdotal information) that individual trustees would open accounts at other institutions not subject to the proposed rule’s requirements to avoid having to respond to the unwanted inquiry from a covered institution. The commenters identified a number of different trust arrangements which should be included within the trust deposit exception: trusts administered by third-party individual or institutional trustees, collective investment funds (including common trust funds), corporate trustees for bond indentures, and fiduciary self-deposits made by covered institutions.

The FDIC has considered all of the arguments advanced by the commenters as described above. Rather than adopt the exception process as described in the proposed rule, the FDIC has decided to require recordkeeping for certain types of trust accounts based upon the covered institution’s knowledge about the trustee or grantor (the account holder) as well as information regarding the beneficiaries of the trust which should be maintained by the covered institution. The FDIC has developed this approach based upon the comment letters as well as discussions with several potentially covered institutions. Moreover, the FDIC has considered the deposit account ownership analysis provided in 12 CFR part 330 in the context of the various types of trust accounts. For example, the FDIC recognizes that such factors as the common law and statutory duties of confidentiality and loyalty imposed upon trustees would make it difficult or impossible for them to disclose the necessary information regarding the beneficiaries of certain trust accounts; therefore, the FDIC has determined that all deposit accounts established pursuant to a formal trust agreement – either formal revocable or irrevocable (when the trustee of the irrevocable trust is not the covered institution) must comply with the alternative recordkeeping requirements set forth in § 370.4(b)(2). This alternative recordkeeping method should include all formal revocable trust accounts which are commonly referred to as “living trusts” or “family trusts”²² as well as all irrevocable trust accounts when established by another person or entity as trustee.²³ Therefore, a covered institution would only be required to satisfy the more limited recordkeeping requirements set forth in § 370.4(b)(2) of the final regulation for these deposit accounts governed by a formal trust agreement. One requirement of that paragraph, however, provides that the covered institution maintain a unique identifier for the grantor of a formal trust account if the trust account has transactional features. The FDIC recognizes that many consumers now open formal trust accounts and use them to handle their daily financial transactions. Compliance with this requirement regarding the grantor of such an account will permit the FDIC to begin the deposit insurance determination process. Consequently, the customers’ outstanding checks will be processed and either paid or returned on the next business day, and they will be able to access their deposit accounts.

In contrast, any deposit account held in a covered institution established pursuant to an informal testamentary trust will be required to comply with all of the recordkeeping requirements set forth in § 370.4(a) of the final regulation. “Such informal trusts are commonly referred to as payable-on-death accounts, in-trust-for accounts or Totten Trust accounts” (“PODs”).²⁴ In order to satisfy the FDIC’s current regulations regarding deposit insurance coverage for informal revocable trust accounts, any IDI is required to specifically name the beneficiaries in the deposit account records of the IDI.²⁵ Finally, covered institutions which act as the trustee for certain irrevocable trust accounts would also be required to maintain trust account information in accordance with § 370.4(a) of the final regulation.

As with other classes of deposits for which the FDIC will not have the requisite information at the time of a covered institution’s failure, deposit insurance determinations on the various types of formal trust accounts will not be possible until the account holder provides the FDIC with the necessary trust documentation after closing weekend. Therefore, based upon how quickly the trust documentation and/or information about beneficiaries is provided as well as the number of trust accounts to be determined, account holders may experience a delay in receiving the insured deposits placed in their trust accounts. This is the deposit insurance determination process currently employed by the FDIC; however, the volume of trust accounts at a covered institution could be responsible for prolonging the deposit insurance determination period.

Security risks of collecting depositors’ PII. An area of particular concern for many commenters was the proposal’s requirement that a covered institution obtain PII from third parties such as financial intermediaries, trustees, escrow companies, benefit plan administrators, and government entities who have opened deposit accounts on behalf of other entities. A commenter remarked that the requirement to obtain and store PII and other sensitive information regarding covered institutions’ financial intermediary customers and their beneficial owners “would cause substantial disruption in the deposit markets and increase the risk of breaches of security of depositors’ [PII]”. The commenters expressed particular concern regarding the added security risk for both the financial intermediaries and the covered institutions if they are required to collect depositors’ PII for deposit accounts opened by various third parties on behalf of numerous beneficial owners.

The FDIC has identified two factors which mitigate this perceived heightened security risk. First, because the recordkeeping requirements for all types of pass-through deposit accounts will be based upon the permissive recordkeeping requirements set forth in §§ 330.5 and 330.7, the covered institutions will not be required to request, collect, and maintain PII on the beneficial owners of the deposits placed by certain financial intermediaries. In addition, the covered institutions will not be required to request and maintain information regarding the beneficiaries (which are required to perform a deposit insurance determination) of trust accounts which are governed by a formal trust agreement pursuant to §§ 330.10 and 330.13. Thus, the collection of sensitive or confidential depositor data will not be performed on a daily basis. Historically, during a closing weekend, all of the deposit account data from the failed bank would be transferred to the FDIC and loaded onto its system to conduct the deposit insurance determination. As a result of the adoption of the final rule, the FDIC would be able to use each covered institution’s in-house IT system to perform the deposit insurance calculations in the event of its failure. This new IT capability would eliminate the need to transfer all of the failed covered institution’s depositors’ PII.

Official items. The statutory definition of deposit includes, but is not limited to, certified checks, traveler’s checks, cashier’s checks and money orders.²⁶ Informally, these types of deposit instruments are known as “official items.” Part 330 of the FDIC’s regulations does not adopt this popular convention and contains no definition of official items. Nevertheless, the FDIC’s Financial Institution Employee’s Guide to Deposit Insurance (the “Gold Book”) utilizes the term and includes the following examples: money orders, expense checks, interest checks, official checks/cashier’s checks, travelers’ checks, and loan disbursement checks.²⁷ Two commenters stated that cashier’s checks, teller’s checks, certified checks, and personal money orders (all commonly known as “official items”) would be particularly problematic because the covered institution does not typically have tax identification numbers (“TINs”) for non-customer purchasers, payees, or holders of any of these instruments. Consequently, both commenters requested that these deposit instruments be exempted as a class from the proposed recordkeeping requirements in the final rule. Moreover, representatives of the banking industry and potentially covered institutions reiterated the practical difficulties of obtaining and maintaining the necessary depositor information regarding these deposit instruments during meetings with the FDIC. To address these issues, the FDIC adopted the following approach in the final rule: covered institutions will not be required to modify their recordkeeping practices with respect to these types of deposits. While the FDIC believes that covered institutions do generally maintain records concerning the number of deposit instruments issued and for which they are primarily liable, they routinely will not have a SSN or TIN for the payee. Therefore, pursuant to § 370.4(c) of the final rule, covered institutions will not be required to assign a unique identifier to the payee or designate the appropriate right and capacity code. Nevertheless, the covered institution must maintain in its deposit account records a “pending reason” code in data field 2 of the pending file format set forth in Appendix B for all of its official items.

Assigning right and capacity codes. One commenter submitted that the proposed rule’s requirement to assign the appropriate ownership right and capacity code to each of the covered institution’s deposit accounts presents practical and administrative challenges for both the covered institution and its deposit customers. Other commenters pointed out that covered institutions will be required to review all of their current account records in order to accurately identify and code their deposit accounts in accordance with the FDIC’s deposit insurance categories. In addition, many accounts on legacy systems would have to be reviewed and missing data and documentation obtained in order to comply with certain part 330 requirements. According to one commenter, this would be “a momentous undertaking” imposing significant burden.

Covered institutions would also have to develop new procedures when opening accounts and re-train employees to classify accounts appropriately. Also, in many cases, the covered institutions’ employees do not have the subject matter expertise to accurately designate some types of accounts such as trust accounts. Other types of deposit accounts potentially difficult to identify and/or designate include joint accounts and accounts for corporations, partnerships, and unincorporated associations. The problems with assigning the correct right and capacity code to joint accounts, as described by the commenters, will be discussed separately, infra. One commenter also believed that this requirement effectively transfers the FDIC’s responsibility to interpret and apply part 330 to the covered institutions. It asserted that “[n]on-covered institutions would not take on this additional responsibility.”

The commenters offered the following recommendations regarding the proposed requirement that covered institutions assign the correct right and capacity code to each deposit account. It appears the first choice would be for the FDIC to amend 12 CFR part 330 prior to finalizing proposed part 370 – presumably by eliminating certain criteria which the FDIC uses to define or characterize various categories of deposit accounts. Another suggestion would be to allow the covered institutions to rely on their internal coding to assign the requisite codes rather than requiring them to align their designations with the FDIC’s rights and capacities codes. The commenters seem to assume that in the context of bank failures and the concomitant deposit insurance determination, the FDIC disregards part 330’s requirements. The commenters requested that the final rule permit “covered banks to classify accounts for FDIC insurance determination as recorded on their internal systems, in line with FDIC’s current practice in bank failures.” The commenters asked that the FDIC make deposit insurance determinations in the same manner (based upon the same criteria) for covered institutions as it would in the case of a smaller bank failure.

As discussed previously in the preamble to the NPR, the FDIC will not be amending 12 CFR part 330 prior to or in conjunction with the issuance of 12 CFR part 370 as a final rule.²⁸ While both regulations concern deposit insurance, they serve independent purposes. The purpose of part 330 is, among other things, to “provide rules for the recognition of deposit ownership in various circumstances.”²⁹ The rules in part 330 are intended to assist both IDIs and their deposit customers to structure deposit accounts so that their accounts will be in conformance with the rules for various account types; in that way, a depositor could be confident that his or her funds will be fully insured by the FDIC in the event of the IDI’s failure. On the other hand, final part 370 requires the largest IDIs, the covered institutions, to develop IT systems capable of performing the deposit insurance calculations in the event of failure and to maintain their deposit account records in accordance with the information requirements set forth in the final rule. When 12 CFR part 370 is fully implemented, the FDIC will be in a better position to complete the deposit insurance determination “as soon as possible” rather than waiting for deposit account information to be provided after a covered institution’s failure which might result in an unacceptable delay.

The covered institutions requested that they be allowed to rely on the internal coding of their deposit accounts. The FDIC presumes that for many accounts, the covered institutions’ internal coding will, in fact, align with the appropriate FDIC right and capacity code, e.g., individual, joint, business, and PODs. In certain circumstances, however, it may be necessary for the covered institutions to refer to the appropriate section of part 330 and/or the Gold Book (or perhaps call the FDIC Call Center) in order to make an accurate assignment of the FDIC right and capacity code. All of the deposits held by a depositor in the same right and capacity must be aggregated before the deposit insurance determination can be performed. Assigning the correct right and capacity code is necessary so that the FDIC would be able to complete the deposit insurance determination promptly. If the codes assigned by the covered institutions don’t align with FDIC codes, then the FDIC could not rely on the covered institution’s records for deposit insurance determination purposes. In the context of a bank failure, FDIC will look behind the titling, to the failed bank’s records, if there is a question or concern regarding the proper deposit insurance coverage. The FDIC does not anticipate handling deposit insurance determinations at a covered institution in a different manner than it has done historically with smaller IDIs. Smaller IDIs have not generally had numerous deposit accounts that are not readily assigned to the most common FDIC rights and capacities codes; therefore, this has not created a problem for either the smaller institutions or the FDIC at failure. The FDIC has recognized, however, that for certain types of deposit accounts, e.g., those based upon pass-through deposit insurance and certain types of trust accounts, the covered institutions will not have sufficient information regarding the beneficial owners or the beneficiaries, respectively, to assign the correct FDIC right and capacity code. For those types of accounts, § 370.4(b)(1) and –(b)(2) permit the covered institution to maintain a “pending reason” code in the Pending File (as set forth in Appendix B) of its deposit account records in lieu of the correct right and capacity code.

Finally, the commenters asserted that this requirement, in effect, transfers the FDIC’s responsibility to interpret and apply part 330 to the covered institutions. IDIs play an important role in maintaining a functioning deposit insurance system, which benefits their customers and the public in general. Prompt payment of deposit insurance is only possible when IDIs maintain sufficient records to enable the FDIC to perform its deposit insurance determination function. The FDIC provides a number of different resources to the banking industry as well as the public to assist in the interpretation and application of the part 330 rules. For example, the FDIC conducts live Deposit Insurance Coverage Seminars for bank officers and employees throughout the year. Moreover, videos of these seminars are available on YouTube. The FDIC also provides guidance to IDIs and the public through the operation of a call center. FDIC staff receives calls from bank customer service representatives seeking assistance in real time to structure new deposit accounts for their customers properly. A new edition of the FDIC’s Gold Book was recently published, and finally, the Electronic Deposit Insurance Estimator (also known as “EDIE”) is located on the FDIC’s website. All of these FDIC resources are available for the use of IDIs (including the covered institutions) as well as the public. Presumably this information is instructive in opening and structuring deposit accounts so that they are (and remain) in compliance with the criteria set forth in part 330.

Joint accounts and signature cards. Both in response to the ANPR and the NPR, certain commenters have expressed their concern with the challenges they would face trying to comply with § 330.9(c)(1)(ii) of the FDIC’s regulations. That particular paragraph requires that “each co-owner has personally signed a deposit account signature card” in order to be a “qualifying joint account” for purposes of deposit insurance under part 330.³⁰ As discussed in section VI.D.5. Assigning rights and capacities codes, above, the covered institutions believe that they would have to go through all of their deposit accounts (in this particular case, those accounts styled as joint accounts) to verify that those accounts satisfied the part 330 requirements. They have characterized this process as a “momentous undertaking.” Moreover, the covered institutions expect that keeping these records accurate and up-to-date “would be a continuing and likely insurmountable challenge.” They noted that frequently an individual opening a joint account will take the signature card for a co-owner to sign, but never return the completed signature card to the bank establishing the account. Finally, the commenters asserted that “there is no current requirement for banks to (1) ensure that all signature cards are complete and on file for joint accounts, or (2) record in deposit recordkeeping systems which joint accounts have complete signature cards.”

In response to the commenters’ argument that there is no current requirement for banks to ensure that they maintain complete signature cards on file for joint accounts, the FDIC would counter that the current § 330.9(c)(1) represents such a requirement. Moreover, this is not a new or even recent requirement. The FDIC promulgated regulations requiring that each co-owner of a joint account must personally sign a signature card or the account would not be treated as a joint account for deposit insurance determinations in 1967.³¹

The FDIC addressed the commenters’ concerns regarding § 330.9(c) in the preamble of the NPR in section E. Signature Card Requirement.³² As discussed previously, the FDIC will not be amending provisions of 12 CFR part 330 as part of the adoption of part 370 as a final rule. Briefly, the FDIC’s justifications for maintaining the joint ownership signature card requirement are as follows: (i) the FDIC’s signature card requirement simply reflects safe and sound banking practice; (ii) the signature card represents the contractual relationship between the IDI and the depositor (or depositors), and signature cards are a reliable indicator of deposit ownership; and (iii) elimination of the signature card requirement for joint accounts could enable some depositors to “disguise” single accounts as joint accounts in order to be eligible for an additional $ 250,000 of deposit insurance coverage. Finally, the FDIC believes that the three year implementation time frame should provide the covered institutions with adequate time both to review their current and legacy account records and to develop procedures to maintain the accuracy of these records going forward.

Community banks. Several commenters noted that requiring account holders of deposits eligible for pass-through insurance to provide beneficial owner data would force community banks to share confidential data on their most vital asset, i.e., their large-dollar depositors. One commenter believed that community banks would incur steep costs and potential customer dissatisfaction if forced to comply with the covered institutions’ requests for the beneficial ownership information. However, financial intermediaries, which may include community banks, may not be willing to disclose sensitive and proprietary information regarding their customers to the covered institutions.

One of the commenters raised another major concern that the proposed rule would adversely affect community banks that participate in deposit placement networks. Deposit allocation services are a vital tool for community banks. According to this commenter, thousands of community banks participate in deposit placement networks. Those banks would be required to furnish competing banks with confidential information about some of their largest depository customers any business day that a community bank placed customer funds at a covered institution. Both commenters recommended that an exception from the requirements of the proposed rule should automatically apply to the class of deposits (rather than an account by account exception) placed by community banks in a covered institution through a deposit placement network. This type of exception would assure community banks that they would not be penalized if they participated in a deposit placement network.

The requirements of the final rule have eliminated the potential concerns of the community banks. As discussed above, the final rule provides for “alternative recordkeeping” for deposits placed by agents, custodians or some other fiduciary on behalf of others as set forth in §§ 330.5 and 330.7 of the FDIC’s deposit insurance rules. Therefore, community banks will not be required to provide covered institutions with proprietary information concerning their large-dollar customers in the event a community bank places deposits with a covered institution. As currently permitted pursuant to the applicable provisions of part 330, community banks will be allowed to retain the beneficial ownership information on these customers rather than provide it to the covered institution. Likewise, the recordkeeping requirements applicable to deposit placement networks will not be affected by the issuance of the final rule. Nevertheless, if deposits placed by community banks with covered institutions serve as transaction accounts for the beneficial owners thereof, then the underlying ownership information (i.e., the identity of each beneficial owner and their respective interest in the accounts) must be provided to the FDIC upon the covered institution’s failure so that the FDIC will be able to use the covered institution’s IT system to determine deposit insurance coverage for those deposit accounts within 24 hours after the FDIC’s appointment as receiver.

Foreign deposits. Two commenters recommended that foreign deposits, i.e., those deposits placed in the foreign branches of U.S. banks, should not be within the scope of the final rule. Both commenters asserted that the FDIC does not need depositor information concerning these foreign deposits; foreign deposits are not “insured” deposits, and therefore, the FDIC does not require that type of information in order to complete its deposit insurance determination. One of the commenters added that the FDIC already has access to information concerning foreign deposits because that information is required pursuant to § 360.9 of the FDIC’s regulations.

In accordance with 12 U.S.C. 1813(l)(5)(A), a foreign deposit is not a “deposit” unless it is dually payable in a U.S. branch and a foreign branch of a U.S. bank. If dually payable, however, it would be an uninsured deposit for purposes of the FDIC’s deposit insurance determination and would be recognized as a general unsecured claim (a priority two claim) against the failed bank’s receivership. Consequently, foreign deposits, by definition, are beyond the scope of the final rule. Therefore, no recordkeeping requirements will be imposed on the covered institutions with respect to foreign deposits. It is worth noting, however, that the FDIC will no longer have access to information regarding foreign deposits pursuant to § 360.9 once covered institutions are compliant with part 370 and are released from the § 360.9 requirements.

Exceptions process. Several commenters raised numerous concerns regarding the process for requesting exemptions and exceptions from the requirements of the proposed rule. One particular commenter argued that providing the FDIC with the authority to approve or disapprove a covered institution’s request “in its sole discretion” would confer unlimited power on the FDIC to discourage or prohibit lawful acceptance by well-capitalized covered institutions of brokered deposits and other deposits placed on a pass-through insurance basis through deposit allocation sweep services. This commenter cited as a source of concern recent regulatory actions by the FDIC and other Federal banking agencies and asked the FDIC to avoid the misperception that it will discourage lawful deposit brokerage relationships by making them too costly or burdensome for covered institutions. The commenter recommended that the final rule establish that the covered institution’s request for an exemption or exception would be granted whenever the stated factual predicate underlying that exception is met; e.g., a legal impediment that would prevent the disclosure of the beneficiaries of a trust account exists.

The commenter’s concern that the FDIC will exercise “virtually unlimited power to use the Proposed Rule … to discourage or prohibit well-capitalized covered institutions from accepting brokered and other pass-through deposits” is unfounded. In the event that the FDIC disapproves a covered institution’s request for an exception or exemption based upon its good faith evaluation of the circumstances, the covered institution would then have recourse to challenge the FDIC’s decision. Finally, the commenter’s concern that the FDIC would disapprove requests for exceptions that would result in well-capitalized covered institutions not being allowed to accept brokered deposits ignores the FDIC’s obligation to administer all of its regulations in a consistent manner. In considering requests for exceptions under part 370, the FDIC will not make determinations that would be inconsistent with the authority granted to covered institutions to accept brokered deposits pursuant to § 29 of the FDI Act³³ and § 337.6 of the FDIC’s regulations.

Several commenters asserted that obtaining the information from account holders that is needed for deposit insurance calculations would be a significant challenge; one of these commenters remarked that full compliance with the proposed rule for certain account types would be “extremely difficult if not practically impossible.” These commenters argued that the volume of information on financial intermediaries and their beneficial owners, the frequency of changes to the information, and certain legal impediments to disclosure would pose significant operational and cost issues. In addition to requesting exceptions for classes of deposits, some of the commenters believed that the final rule should also include a process for requesting exceptions for other “idiosyncratic accounts” for which obtaining the requisite depositor information would be impossible or cost-prohibitive.

The FDIC believes that the modifications to the recordkeeping requirements as described in the final rule should provide a great deal of relief to the covered institutions. As a result of the concerns raised in the comment letters as well as issues discussed during meetings with certain financial services industry representatives, the FDIC has decided that the deposit account recordkeeping requirements of part 370 should align with the permissive recordkeeping requirements provided in § 330.5 and § 330.7. As discussed, supra, these two sections of 12 CFR part 330 allow an IDI to maintain the deposit account records for various types of pass-through deposit accounts off-site and with unaffiliated third parties. Nevertheless, in the event that a covered institution has other “idiosyncratic accounts” which would not be covered by the recordkeeping methods described in §§ 330.5 and 330.7, the final rule includes a procedure for requesting an exception from the recordkeeping requirements set forth in § 370.4(a) and – (b). The covered institution would be required to submit a request to the FDIC for the exception in the form of a letter and explain the circumstances that would make it impracticable or overly burdensome to meet the applicable recordkeeping requirements; additionally, the request must provide the number and dollar value of the deposit accounts that would be subject to the exception. See, § 370.8(b). When reviewing the request, the FDIC would consider primarily the implications that a delay in deposit insurance determination would have for a particular account holder or the beneficial owner of the deposits, the nature of the deposit relationship, and the amount of control the covered institution has to obtain the information necessary to perform an accurate deposit insurance determination.

Several commenters believed a more detailed exception process than that provided for in the proposed rule is needed, and they posed a number of questions regarding the process. For example, there were several questions concerning how a covered institution would demonstrate that an entire class of deposit accounts would meet one or more of the three criteria for an exception. The commenters also asked whether a covered institution would be required to continue to gather depositor information on accounts subject to an exception request during the pendency of the FDIC’s consideration of that request. They wanted assurances both that the FDIC would respond expeditiously to requests for exceptions and that in the event that a request was denied, the FDIC would not require immediate compliance. The commenters were concerned that a covered institution be allowed a reasonable time to achieve compliance should an exception request be denied.

As discussed, supra, the final rule does not provide for classes of deposits to be “excepted” from the requirements of part 370. Instead, covered institutions will continue to be allowed to maintain the beneficial ownership information for deposit accounts that are currently subject to the off-site recordkeeping provisions of §§ 330.5 and 330.7 with the appropriate custodian, agent or other fiduciary as set forth in those sections of the FDIC’s regulations. Therefore, there is no need for a process to request exceptions for classes of deposits. It is the FDIC’s intention that the commenters’ concerns regarding the covered institutions’ compliance during the pendency of an exception request should be addressed by the FDIC’s position that a covered institution will not be in violation of part 370 while awaiting the FDIC’s decision regarding any request made pursuant to § 370.6 (b) or 370.8(a) – (c). See, § 370.11 (b). Finally, a covered institution will be given a reasonable amount of time to comply with recordkeeping requirements for certain deposit accounts in the event that the covered institution’s request for an exception is denied.

The commenters asked whether there would be a general sunset time frame for approved exceptions, and if so, whether there would be a flexible process to renew those exceptions. The final rule does not impose a general sunset time frame for approved exceptions; conceivably, approvals could be open-ended. Nevertheless, § 370.8(e) allows the FDIC to grant its approval of a covered institution’s request for an exception subject to certain conditions that would have to be met or to limit its approval to a particular time frame.

The Commenters also wanted to know what type of process there would be to appeal the FDIC’s adverse ruling on a petition for an exception. They recommended that the FDIC provide public notice of all exceptions granted or denied on a timely and ongoing basis – without naming the petitioners or specific deposit account holders – with explanations of the bases for those rulings. These commenters also believed that because the exception process “is so critical that input from covered institutions would be needed to assure a workable scheme,” the exception process should be further clarified and re-proposed for public notice and comment.

The FDIC believes that the modifications to the recordkeeping requirements as described in the final rule should provide a great deal of relief to the covered institutions. Because the final rule has not altered the current recordkeeping requirements, the FDIC does not anticipate that many covered institutions will need to request exceptions from part 370’s requirements. With respect to § 370.4(b)(1) accounts that have transactional features, if a covered institution will not be able to provide the certification required pursuant to § 370.5(a), then the covered institution must submit a request for an exception from the 24 hour requirement as provided for in § 370.8(b). Nevertheless, the FDIC expects to grant such exceptions only in rare circumstances in the case of prepaid card accounts. The FDIC’s denial of a covered institution’s request for any type of exception will constitute a final agency action.

Comments concerning the implementation period. The proposed rule provided for an implementation period of two years, and several commenters proposed that four years would be an appropriate time-frame for implementation. The FDIC has considered the commenters’ discussion of impediments that would exist for a two-year implementation period and believes that the modifications made in the final rule to harmonize it with the recordkeeping permitted under 12 CFR part 330 make a three-year implementation period reasonable and feasible.

5. Comments concerning possible adverse consequences

Several commenters expressed concern over possible adverse consequences of the rule for covered institutions, related entities, and the financial system generally if the proposed rule is adopted as proposed. One commenter specifically noted that the rule could result in treating some depositors at covered institutions differently than the same kind of depositors at non-covered institutions because the covered institution would be applying a more stringent standard to its deposits for insurance purposes, and deposit insurance determinations should not depend on the size or complexity of the depository institution. As discussed, supra, 12 CFR part 330 of the FDIC’s regulations which govern the criteria for ownership of deposits by right and capacity has not been amended in connection with the adoption of final part 370. Specifically, the FDIC has not imposed “more stringent standards” on covered institutions with respect to “qualifying joint accounts,” for example, than on any other IDI. As discussed in the preamble (I. Policy Objectives), the final rule ensures that customers of both large and small failed banks will receive the same prompt access to their funds and that deposit insurance limits are recognized equally at both large and small banks.

One commenter objected to the proposed rule’s requirement that if a covered institution is granted an exception, it must then notify account holders that delays in the payment of deposit insurance are possible due to the absence of required information. According to this commenter, such a notification could raise concerns on the part of depositors and lead them to rethink their account relationships. Singling out covered institutions for special disclosure requirements would be unjustified, likely drive deposits away from excepted accounts, create competitive disadvantages, and be categorically unfair. There are no notification (of possible delay in payment) requirements imposed specifically on covered institutions in the final rule. Therefore, the commenter’s concerns regarding unequal treatment of covered institutions, competitive disadvantage or categorical unfairness should be alleviated.

The FDIC has adopted the suggestion of another commenter, however, who argued that disclosures regarding a delay in payment should not be required whenever the custodian, administrator or other fiduciary will provide the current beneficial owner data to the FDIC before midnight on the day of the covered institution’s failure. Section 370.5(a) requires a covered institution to certify to the FDIC that the beneficial ownership information underlying all of its § 370.4(b)(1) accounts with transactional features will be available to the FDIC upon failure of the covered institution so that the FDIC will be able to use the covered institution’s IT system to determine deposit insurance coverage within 24 hours of its appointment as receiver. In view of this requirement, there is no need for covered institutions to provide notification of a possible delay in deposit insurance payments because the FDIC will have the requisite information in time to complete the deposit insurance determination on these time-sensitive accounts during the closing weekend.

One commenter asserted that certain account holders likely would be motivated to seek out alternative banking relationships rather than provide the information requested by the covered institutions. This would result in disruption to these account holders and to other aspects of their banking relationship, as well as to the deposit markets. One commenter argued that the proposed rule could discourage smaller and mid-sized retail-focused institutions from actively seeking small deposit accounts in order to avoid being covered by the proposed rule. This in turn could encourage such institutions to consider riskier and more volatile funding sources. The FDIC believes that these concerns have been addressed and mitigated by the alternative recordkeeping requirements found in § 370.4(b) of the final rule.

These commenters also asserted that “end-to-end” testing for compliance on an annual basis would involve an excessive commitment of time and personnel. The requirement for end-to-end testing has been deleted from the final rule. Finally, they contended that it is not necessary and not in accordance with corporate governance principles for a covered institution’s board of directors to certify or attest to the covered institution’s compliance with the proposed rule’s requirements. This additional board responsibility would be an undue burden on the board and should remain within the purview of the covered institution’s management. The FDIC considered this comment and revised the corporate governance requirement accordingly. In the final rule, § 370.10(a)(1)(ii), the annual certification must be signed by the covered institution’s chief executive officer or its chief operating officer.

9. Payment or Gift to Respondents

Not applicable.

10. Confidentiality

Information will be kept private to the extent allowed by law.

11. Information of a Sensitive Nature

The final rule would generally require covered institutions to ensure that their deposit account records contain sufficient information to identify owners of deposits, unless they are permitted otherwise in accordance with the FDIC’s deposit insurance rules in 12 CFR part 330. Such information would include personal and sensitive information such as the owner’s social security number, among other things.

The information that covered institutions would need to provide to the FDIC to demonstrate compliance with the final rule’s requirements would be aggregated in a summary report and is not expected to be sensitive in nature. The information that covered institutions would need to provide to the FDIC to substantiate a request for relief from an aspect of the final rule’s requirements is expected to be provided in a general manner and is not expected to be sensitive in nature.

12. Estimate of Hour Burden and Annual Costs

The estimated burden for the respondents for implementing the collection of information under the final rule is approximately 5.21 million hours. The estimated ongoing annual burden for the respondents is approximately 20,000 hours per year.

Implementation Burden:³⁴

	Number of respondents35	Estimated annual frequency	Estimated average hours per response36	Estimated total annual burden hours
Proposed Rule
Lowest Complexity Institutions	12	1	19,857	238,281
Middle Complexity Institutions	12	1	32,789	393,473
Highest Complexity Institutions	12	1	208,292	2,499,508
Proposed Rule Total	36	1	86,979	3,131,262
Final Rule Lowest Complexity Institutions	13	1	32,040	416,522
Middle Complexity Institutions	13	1	48,060	624,784
Highest Complexity Institutions	12	1	347,102	4,165,226
Final Rule Total	38	1	137,014	5,206,532
Change	2			2,075,270

Ongoing Burden:

	Number of respondents	Estimated annual frequency	Estimated average hours per response	Estimated total annual burden hours
Proposed Rule
Lowest Complexity Institutions	12	1	1,460	17,526
Middle Complexity Institutions	12	1	1,456	17,475
Highest Complexity Institutions	12	1	1,541	18,494
Proposed Rule Total	36	1	1,486	53,495
Final Rule Lowest Complexity Institutions	13	1	507	6,596
Middle Complexity Institutions	13	1	507	6596
Highest Complexity Institutions	12	1	566	6,796
Final Rule Total	38	1	526	19,988
Change	2			(33,507)

In estimating the costs of this rule, the FDIC engaged the services of an independent consulting firm. Working with the FDIC, the consultant used its extensive knowledge and experience with IT systems at financial institutions to develop a model to provide cost estimates for the following activities:

• Implementing the deposit insurance calculation

• Legacy data clean-up

• Data extraction

• Data aggregation

• Data standardization

• Data quality control and compliance

• Data reporting

• Ongoing operations

Cost estimates for these activities were derived from a projection of the types of workers needed for each task, an estimate of the amount of labor hours required, an estimate of the industry average labor cost (including benefits) for each worker needed, and an estimate of worker productivity. The analysis assumed that manual data clean-up would be needed for 5 percent of deposit accounts, 10 accounts per hour would be resolved, and internal labor would be used for 60 percent of the clean-up. This analysis also projected higher costs for institutions based on the following factors:

• Higher number of deposit accounts

• Higher number of distinct core servicing platforms

• Higher number of depository legal entities or separate organizational units

• Broader geographic dispersal of accounts and customers

• Use of sweep accounts

• Greater degree of complexity in business lines, accounts, and operations.

The following is a diagram of the cost model:

*Implementation costs include both the initial and ongoing costs associated with adopting this final rule.

Approximately half of the rule’s estimated total costs are attributable to legacy data clean-up. These legacy data clean-up cost estimates are sensitive to both the number of deposit accounts and the number of deposit IT systems. More than 90 percent of the legacy data clean-up costs are associated with manually collecting account information from customers and entering it into the covered institution’s systems. Data aggregation, which is sensitive to the number of deposit IT systems, makes up about 13 percent of the rule’s estimated costs.

The implementation costs for all covered institutions are estimated to total $389 million and require approximately 5.2 million labor hours. The implementation costs cover (1) making the deposit insurance calculation, (2) legacy data cleanup, (3) data extraction, (4) data aggregation, (5) data standardization, (6) data quality control and compliance, and (7) data reporting.

In terms of initial implementation, the estimated PRA burden for individual covered institutions will require between 29,158 and 911,016 burden hours, and these burden hours are monetized to range from $2.4 million to $94.7 million.

After initial implementation, the estimated hour burden on individual covered institutions for ongoing costs for reporting, testing, maintenance, and other periodic items is estimated to range between 458 and 666 labor hours, and these ongoing burden hours are monetized to be $68,676 and $99,865 annually.

ESTIMATED MONETIZED IMPLEMENTATION* COSTS BY COMPONENT

Components	Component Cost**	Percent of Total
Legacy Data Cleanup	$226,482,333	58.17%
Data Aggregation	64,015,373	16.44%
Data Standardization	36,573,894	9.39%
Data Extraction	25,397,761	6.52%
Quality Control and Compliance	18,403,006	4.73%
Insurance Calculation	9,500,400	2.44%
Reporting	5,971,800	1.53%
Ongoing Operations	2,999,963	0.77%
TOTAL COST	$389,344,530	100%
*Estimates of bank implementation costs include both initial and ongoing costs associated with this final rule. ** For the purposes of calculating component costs, the independent contractor utilized the following fully-loaded (wages plus benefits) labor cost estimates: System Developer, $100 per hour; ETL/Data Architect, $150 per hour; Business Analyst, $150 per hour; System Architect, $200 per hour; Program Manager, $300 per hour; Project Manager, $250 per hour; Compliance Analyst, $150 per hour; Deposit Platform Analyst, $150 per hour; General Administrative (internal), $65 per hour; General Administrative (external), $85 per hour.

13. Capital, Start-Up and Maintenance Costs

None. FDIC estimates that the existing computer systems and equipment currently used by respondent institutions will be sufficient to make the calculations and maintain the records required by the rule.

14. Estimated Annual Cost to the Federal Government

None. For the proposed rule the FDIC constructed a model that attempted to present all costs, both practical and notional, to the public. In the model the FDIC estimated that it would require as many as 15 fulltime equivalent employees to assist with the implementation of the regulation. However, the FDIC maintains examiner staffing levels commensurate with its long-term examination resource demands. Consequently, the FDIC would not hire 15 fulltime equivalent employees specifically for this regulation and would continue to meet its supervisory duties with the current staff and future staffing plans. The estimate of 15 full time equivalent employees was an illustrative item in the model designed to be responsive to comments from the Public but does not represent added costs borne by the FDIC as a result of the rule.

15. Reason for Change in Burden

New recordkeeping and reporting requirements contained in a new regulation. The estimates of initial and ongoing costs of implementation are higher than those provided in the NPR. The increase in total estimated implementation costs is the result of updating the data, reviewing the cost methodology, and incorporating comments received on the NPR. The FDIC’s initial estimate of the cost of this rule, as described in the NPR, was approximately $328 million. The FDIC has updated its cost estimate to $478 million, based in part upon comments the FDIC received in response to the NPR. The updated estimated cost to covered institutions represents $389 million of this total, with the remaining estimated costs including amortized future ongoing costs, depositor costs, and amortized future FDIC costs.

16. Publication.

Not applicable.

17. Exceptions to Display of Expiration Dates

None. The OMB Control Number and expiration date for this collection of information will be displayed when the Final Rule is published in the Federal Register.

18. Exceptions to Certification

None.

B. Collection of Information Employing Statistical Methods

Not applicable.

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Modified	0000-00-00
File Created	2021-01-23