81 FR 75753 - Removal of Transferred OTS Regulations Regarding Minimum Security Procedures Amendments to FDIC Regulations

FEDERAL DEPOSIT INSURANCE CORPORATION

Federal Register Volume 81, Issue 211 (November 1, 2016)

In this notice of proposed rulemaking (``NPR'' or ``Proposed Rule''), the Federal Deposit Insurance Corporation (``FDIC'') proposes to rescind and remove a part from the Code of Federal Regulations entitled ``Security Procedures'' and to amend FDIC regulations to make the removed Office of Thrift Supervision (``OTS'') regulations applicable to state savings associations.

[Federal Register Volume 81, Number 211 (Tuesday, November 1, 2016)]
[Proposed Rules]
[Pages 75753-75757]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2016-26062]


=======================================================================
-----------------------------------------------------------------------

FEDERAL DEPOSIT INSURANCE CORPORATION

12 CFR Parts 326 and 391

RIN 3064-AE47


Removal of Transferred OTS Regulations Regarding Minimum Security 
Procedures Amendments to FDIC Regulations

AGENCY: Federal Deposit Insurance Corporation.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: In this notice of proposed rulemaking (``NPR'' or ``Proposed 
Rule''), the Federal Deposit Insurance Corporation (``FDIC'') proposes 
to rescind and remove a part from the Code of Federal Regulations 
entitled ``Security Procedures'' and to amend FDIC regulations to make 
the removed Office of Thrift Supervision (``OTS'') regulations 
applicable to state savings associations.

DATES: Comments must be received on or before January 3, 2017.

ADDRESSES: You may submit comments by any of the following methods:
     FDIC Web site: http://www.fdic.gov/regulations/laws/federal/propose.html. Follow instructions for submitting comments on 
the agency Web site.
     FDIC Email: [email protected]. Include RIN #3064-AE47 on 
the subject line of the message.
     FDIC Mail: Robert E. Feldman, Executive Secretary, 
Attention: Comments, Federal Deposit Insurance Corporation, 550 17th 
Street NW., Washington, DC 20429.
     Hand Delivery to FDIC: Comments may be hand delivered to 
the guard station at the rear of the 550 17th Street building (located 
on F Street) on business days between 7 a.m. and 5 p.m.
    Please include your name, affiliation, address, email address, and 
telephone number(s) in your comment. Where appropriate, comments should 
include a short Executive Summary consisting of no more than five 
single-spaced pages. All statements received, including attachments and 
other supporting materials, are part of the public record and are 
subject to public disclosure. You should submit only information that 
you wish to make publicly available.
    Please note: All comments received will be posted generally 
without change to http://www.fdic.gov/regulations/laws/federal/propose.html, including any personal information provided. Paper 
copies of public comments may be requested from the Public 
Information Center by telephone at 1-877-275-3342 or 1-703-562-2200.

FOR FURTHER INFORMATION CONTACT: Lauren Whitaker, Attorney, Consumer 
Compliance Section, Legal Division (202) 898-3872; Martha L. Ellett, 
Counsel, Consumer Compliance Section, Legal Division, (202) 898-6765; 
Karen Jones Currie, Senior Examination Specialist, Division of Risk 
Management and Supervision (202) 898-3981.

SUPPLEMENTARY INFORMATION: Part 391, subpart A was included in the 
regulations that were transferred to the FDIC from the Office of Thrift 
Supervision (``OTS'') on July 21, 2011, in connection with the 
implementation of applicable provisions of title III of the Dodd-Frank 
Wall Street Reform and Consumer Protection Act (``Dodd-Frank Act''). 
With the exception of one provision (Sec.  391.5) the requirements for 
State savings associations in part 391, subpart A are substantively 
identical to the requirements in the FDIC's 12 CFR part 326 (``part 
326''), which is entitled ``Minimum Security Procedures.'' The one 
exception directs savings associations to comply with appendix B to 
subpart B of Interagency Guidelines Establishing Information Security 
Standards (Interagency Guidelines) contained in FDIC rules at part 364, 
appendix B. The FDIC previously revised part 364 to make the 
Interagency Guidelines applicable to both state nonmember banks and 
state savings associations.\1\
---------------------------------------------------------------------------

    \1\ 80 FR 65907 (Oct. 28, 2015).
---------------------------------------------------------------------------

    The FDIC proposes to rescind in its entirety part 391, subpart A 
and to modify the scope of part 326 to include state savings 
associations to conform to and reflect the scope of the FDIC's current 
supervisory responsibilities as the appropriate Federal banking agency. 
The FDIC also proposes to define ``FDIC-supervised insured depository 
institution or institution'' and ``State savings association.'' Upon 
removal of part 391, subpart A, the Security Procedures, regulations 
applicable for all insured depository institutions for which the FDIC 
has been designated the appropriate Federal banking agency will be 
found at 12 CFR part 326.

I. Background

The Dodd-Frank Act

    The Dodd-Frank Act \1\ provided for a substantial reorganization of 
the regulation of state and Federal savings associations and their 
holding companies. Beginning July 21, 2011, the transfer date 
established by section 311 of the Dodd-Frank Act, codified at 12 U.S.C. 
5411, the powers, duties, and functions formerly performed by the OTS 
were divided among the FDIC, as to state savings associations, the 
Office of the Comptroller of the Currency (``OCC''), as to Federal 
savings associations, and the Board of Governors of the Federal Reserve 
System (``FRB''), as to savings and loan holding companies. Section 
316(b) of the Dodd-Frank Act, codified at 12 U.S.C. 5414(b), provides 
the manner of treatment for all orders, resolutions, determinations, 
regulations, and advisory materials that had been issued, made, 
prescribed, or allowed to become effective by the OTS. The section 
provides that if such materials were in effect on the day before the 
transfer date, they continue to be in effect and are enforceable by or 
against the appropriate successor agency until they are modified, 
terminated, set aside, or superseded in accordance with applicable law 
by such successor agency, by any court of competent jurisdiction, or by 
operation of law.
---------------------------------------------------------------------------

    \1\ Dodd-Frank Wall Street Reform and Consumer Protection Act, 
Public Law 111-203, 124 Stat. 1376 (2010) (codified at 12 U.S.C. 
5301 et seq.).

---------------------------------------------------------------------------

[[Page 75754]]

    Section 316(c) of the Dodd-Frank Act, codified at 12 U.S.C. 
5414(c), further directed the FDIC and the OCC to consult with one 
another and to publish a list of the continued OTS regulations that 
would be enforced by the FDIC and the OCC, respectively. On June 14, 
2011, the FDIC's Board of Directors approved a ``List of OTS 
Regulations to be enforced by the OCC and the FDIC Pursuant to the 
Dodd-Frank Wall Street Reform and Consumer Protection Act.'' This list 
was published by the FDIC and the OCC as a Joint Notice in the Federal 
Register on July 6, 2011.\2\
---------------------------------------------------------------------------

    \2\ 76 FR 39247 (July 6, 2011).
---------------------------------------------------------------------------

    Although section 312(b)(2)(B)(i)(II) of the Dodd-Frank Act, 
codified at 12 U.S.C. 5412(b)(2)(B)(i)(II), granted the OCC rulemaking 
authority relating to both State and Federal savings associations, 
nothing in the Dodd-Frank Act affected the FDIC's existing authority to 
issue regulations under the FDI Act and other laws as the ``appropriate 
Federal banking agency'' or under similar statutory terminology. 
Section 312(c) of the Dodd-Frank Act amended the definition of 
``appropriate Federal banking agency'' contained in section 3(q) of the 
FDI Act, 12 U.S.C. 1813(q), to add State savings associations to the 
list of entities for which the FDIC is designated as the ``appropriate 
Federal banking agency.'' As a result, when the FDIC acts as the 
designated ``appropriate Federal banking agency'' (or under similar 
terminology) for state savings associations, as it does here, the FDIC 
is authorized to issue, modify and rescind regulations involving such 
associations, as well as for state nonmember banks and insured branches 
of foreign banks.
    As noted, on June 14, 2011, pursuant to this authority, the FDIC's 
Board of Directors reissued and redesignated certain transferring 
regulations of the former OTS. These transferred OTS regulations were 
published as new FDIC regulations in the Federal Register on August 5, 
2011.\3\ When it republished the transferred OTS regulations as new 
FDIC regulations, the FDIC specifically noted that its staff would 
evaluate the transferred OTS rules and might later recommend 
incorporating the transferred OTS regulations into other FDIC rules, 
amending them, or rescinding them, as appropriate.
---------------------------------------------------------------------------

    \3\ 76 FR 47652 (Aug. 5, 2011).
---------------------------------------------------------------------------

    One of the OTS rules transferred to the FDIC governed OTS oversight 
of minimum security devices and procedures for state savings 
associations. The OTS rule, formerly found at 12 CFR part 568, was 
transferred to the FDIC with only nominal changes and is now found in 
the FDIC's rules at part 391, subpart A, entitled ``Security 
Procedures.'' Before the transfer of the OTS rules and continuing 
today, the FDIC's rules contained part 326, subpart A entitled 
``Minimum Security Procedures,'' a rule governing FDIC oversight of 
security devices and procedures to discourage burglaries, robberies and 
larcenies and assist law enforcement in the identification and 
apprehension of those who commit such crimes with respect to insured 
depository institutions for which the FDIC has been designated the 
appropriate Federal banking agency. One provision in part 391, subpart 
A (391.5) is not contained in part 326, subpart A. It directs savings 
associations and certain subsidiaries to comply with the Interagency 
Guidelines Establishing Information Security Standards which were 
adopted jointly by the OTS and the FDIC and other banking agencies and 
are contained in appendix B to part 364 in FDIC regulations.
    After careful review and comparison of part 391, subpart A, and 
part 326, the FDIC proposes to rescind part 391, subpart A, because, as 
discussed below, it is substantively redundant to existing part 326 and 
simultaneously proposes to make technical conforming edits to the 
FDIC's existing rule.

FDIC's Existing 12 CFR Part 326 and Former OTS's Part 568 (Transferred 
to FDIC's Part 391, Subpart A)

    Section 3 of the Bank Protection Act of 1968 directed the 
appropriate federal banking agencies and the OTS' predecessor, the 
Federal Home Loan Bank Board (``FHLBB'') to establish minimum security 
standards for banks and savings associations, at reasonable cost, to 
serve as a deterrent to robberies, burglaries, and larcenies and to 
assist law enforcement in identifying and prosecuting persons who 
commit such acts.\4\ In the initial rulemakings, the agencies consulted 
and cooperated with each other to promote a goal of uniformity where 
practicable. The initial minimum security rules were simultaneously 
issued in January 1969 and were substantively the same.\5\
---------------------------------------------------------------------------

    \4\ 12 U.S.C. 1882.
    \5\ 34 FR 618 (January 16, 1969); 34 FR 621 (January 16, 1969).
---------------------------------------------------------------------------

    In 1991, the minimum security rules were substantially revised to 
reduce unnecessary specificity, remove obsolete requirements and place 
greater responsibility on the boards of directors of insured financial 
institutions for establishing and ensuring the implementation and 
maintenance of security programs and procedures. The former FHLBB rules 
at 12 CFR part 563a were redesignated as 12 CFR part 568 by the OTS. 
The OTS rules remained substantively the same as the FDIC's rules in 
part 326, subpart A.\6\
---------------------------------------------------------------------------

    \6\ 56 FR 29565 (June 28, 1991); 56 FR 13579 (April 3, 1991).
---------------------------------------------------------------------------

    In 2001, the FDIC and other federal banking agencies and the OTS 
issued Interagency Guidelines for Safeguarding Customer Information 
pursuant to section 501 of the Gramm Leach Bliley Act (``Protection of 
Nonpublic Personal Information'').\7\ At the same time, the OTS also 
added a provision at the end of its security procedures rules at 
section 568.5 directing saving associations and certain subsidiaries to 
comply with appendix B to the Interagency Guidelines. In a preamble 
footnote, the OTS indicated that the reason for the additional 
provision to its minimum security rules was ``[b]ecause information 
security guidelines are similar to physical security procedures.'' \8\ 
In 2004, following enactment of the Fair and Accurate Credit 
Transactions Act (FACT Act), the OTS, FDIC and other banking agencies 
revised the Interagency Guidelines for Safeguarding Customer 
Information and renamed them the Interagency Guidelines for 
Establishing Information Security Standards. The Interagency Guidelines 
were located in the FDIC rules at part 364. In 2015, the FDIC amended 
part 364 to, among other reasons, make it applicable to State savings 
associations.\9\ After careful comparison of the FDIC's part 326, 
subpart A with the transferred OTS rule in part 391, subpart A, the 
FDIC has concluded that the transferred OTS rules governing minimum 
security procedures are substantively redundant. Based on the 
foregoing, the FDIC proposes to rescind and remove from the Code of 
Federal Regulations the transferred OTS rules located at part 391, 
subpart A, and to make technical amendments to part 326, subpart A to 
incorporate State savings associations.
---------------------------------------------------------------------------

    \7\ 66 FR 8616 (Feb. 1, 2001).
    \8\ Id. at footnote 2.
    \9\ 80 FR 65903 (October 28, 2015).
---------------------------------------------------------------------------

II. The Proposal

    Regarding the functions of the former OTS that were transferred to 
the FDIC, section 316(b)(3) of the Dodd-Frank Act, 12 U.S.C. 
5414(b)(3), in pertinent part, provides that the former OTS's 
regulations will be enforceable by the FDIC until they are modified, 
terminated, set aside, or superseded in accordance with applicable law. 
After reviewing the rules currently found in part 391, subpart A, the 
FDIC proposes

[[Page 75755]]

(1) to rescind part 391, subpart A, in its entirety; (2) to modify to 
the scope of part 326, subpart A to include State savings associations 
and their subsidiaries to conform to and reflect the scope of FDIC's 
current supervisory responsibilities as the appropriate Federal banking 
agency for State savings associations; (3) delete the definition of 
``insured nonmember bank'' and replace it with a definition of ``FDIC-
supervised insured depository institution or institution,'' which means 
``any state nonmember insured bank or state savings association for 
which the Federal Deposit Insurance Corporation is the appropriate 
Federal banking agency pursuant to section 3(q) of the Federal Deposit 
Insurance Act (12 U.S.C. 1813(q));'' (4) add a new subsection (i), 
which would define ``state savings association'' as having ``the same 
meaning as in section 3(b)(3) of the Federal Deposit Insurance Act (12 
U.S.C. 1813(b)(3));'' and (5) make conforming technical edits 
throughout, including replacing the term ``FDIC-supervised insured 
depository institution'' or ``institution'' in place of ``bank'' 
throughout the rule where necessary.
    If the proposal is finalized, oversight of minimum security 
procedures in part 326, subpart A would apply to all FDIC-supervised 
institutions, including state savings associations, and part 391, 
subpart A, would be removed because it is largely redundant of the 
rules found in part 326. Rescinding part 391, subpart A, will serve to 
streamline the FDIC's rules and eliminate unnecessary regulations.

III. Request for Comments

    The FDIC invites comments on all aspects of this proposed 
rulemaking, and specifically requests comments on the following:
    (1.) What impacts, positive or negative, can you foresee in the 
FDIC's proposal to rescind part 391, subpart A?
    Written comments must be received by the FDIC no later than January 
3, 2017.

IV. Regulatory Analysis and Procedure

A. The Paperwork Reduction Act

    In accordance with the requirements of the Paperwork Reduction Act 
(``PRA'') of 1995, 44 U.S.C. 3501-3521, the FDIC may not conduct or 
sponsor, and the respondent is not required to respond to, an 
information collection unless it displays a currently valid Office of 
Management and Budget (``OMB'') control number.
    The proposed rule would rescind and remove from FDIC regulations 
part 391, subpart A from the FDIC regulations. This rule was 
transferred with only nominal changes to the FDIC from the OTS when the 
OTS was abolished by title III of the Dodd-Frank Act. Part 391, subpart 
A, is substantively similar to the FDIC's existing part 326, subpart A 
regarding oversight of minimum security procedures for depository 
institutions with the exception of one provision at the end of Part 
391, Subpart A which directs savings associations to comply with 
Interagency Guidelines which are located in appendix B to part 364. In 
2015, the FDIC proposed and finalized revisions to part 364 that made 
part 364, including the Interagency Guidelines in Appendix B, 
applicable to State savings associations as well as State nonmember 
banks.
    The proposed rule also would (1) amend part 326, subpart A to 
include state savings associations and their subsidiaries within its 
scope; (2) define ``FDIC-supervised insured depository institution or 
institution'' and ``state savings association;'' and (3) make 
conforming technical edits throughout. These measures clarify that 
state savings associations, as well as state nonmember banks are 
subject to part 326, subpart A. With respect to part 326, subpart A, 
the Proposed Rule does not revise any existing, or create any new 
information collection pursuant to the PRA. Consequently, no submission 
will be made to the Office of Management and Budget for review. The 
FDIC requests comment on its conclusion that this aspect of the NPR 
does not create a new or revise an existing information collection.

B. The Regulatory Flexibility Act

    The Regulatory Flexibility Act requires that, in connection with a 
notice of proposed rulemaking, an agency prepare and make available for 
public comment an initial regulatory flexibility analysis that 
describes the impact of the proposed rule on small entities (defined in 
regulations promulgated by the Small Business Administration to include 
banking organizations with total assets of less than or equal to $550 
million).\10\ However, a regulatory flexibility analysis is not 
required if the agency certifies that the rule will not have a 
significant economic impact on a substantial number of small entities, 
and publishes its certification and a short explanatory Statement in 
the Federal Register together with the proposed rule. For the reasons 
provided below, the FDIC certifies that the Proposed Rule would not 
have a significant economic impact on a substantial number of small 
entities.
---------------------------------------------------------------------------

    \10\ 5 U.S.C. 601 et seq.
---------------------------------------------------------------------------

    As discussed in this notice of proposed rulemaking, part 391, 
subpart A, was transferred from OTS part 568, which governed minimum 
security procedures for depository institutions. The initial minimum 
security rules, though issued separately by the agencies, were all 
published in January 1969. The OTS rule, part 568 had been in effect 
since 1991 and all State savings associations were required to comply 
with it. Because it is substantially the same as existing part 326, 
subpart A of the FDIC's rules and therefore redundant, the FDIC 
proposes rescinding and removing the transferred regulation now located 
in part 391, subpart A. As a result, all FDIC-supervised institutions--
including state savings associations and their subsidiaries--would be 
required to comply with the minimum security procedures in part 326, 
subpart A. Because all state savings associations and their 
subsidiaries have been required to comply with nearly identical 
security procedures rules since 1969, the Proposed Rule would not place 
additional requirements or burdens on any state savings association 
irrespective of its size. Therefore, the Proposed Rule would not have a 
significant impact on a substantial number of small entities.

C. Plain Language

    Section 722 of the Gramm-Leach- Bliley Act, codified at 12 U.S.C. 
4809, requires each Federal banking agency to use plain language in all 
of its proposed and final rules published after January 1, 2000. The 
FDIC invites comments on whether the Proposed Rule is clearly stated 
and effectively organized, and how the FDIC might make it easier to 
understand. For example:
     Has the FDIC organized the material to suit your needs? If 
not, how could it present the rule more clearly?
     Have we clearly stated the requirements of the rule? If 
not, how could the rule be more clearly stated?
     Does the rule contain technical jargon that is not clear? 
If so, which language requires clarification?
     Would a different format (grouping and order of sections, 
use of headings, paragraphing) make the regulation easier to 
understand? If so, what changes would make the regulation easier to 
understand?
     What else could we do to make the regulation easier to 
understand?

[[Page 75756]]

D. The Economic Growth and Regulatory Paperwork Reduction Act

    Under section 2222 of the Economic Growth and Regulatory Paperwork 
Reduction Act of 1996 (``EGRPRA''), the FDIC is required to review all 
of its regulations, at least once every 10 years, in order to identify 
any outdated or otherwise unnecessary regulations imposed on insured 
institutions.\11\ The FDIC completed the last comprehensive review of 
its regulations under EGRPRA in 2006 and is commencing the next 
decennial review. The action taken on this rule will be included as 
part of the EGRPRA review that is currently in progress. As part of 
that review, the FDIC invites comments concerning whether the Proposed 
Rule would impose any outdated or unnecessary regulatory requirements 
on insured depository institutions. If you provide such comments, 
please be specific and provide alternatives whenever appropriate.
---------------------------------------------------------------------------

    \11\ Public Law 104-208, 110 Stat. 3009 (1996).
---------------------------------------------------------------------------

List of Subjects

12 CFR Part 326

    Banks, Banking, Minimum security procedures, Savings associations.

12 CFR Part 391

    Security procedures.

Authority and Issuance

    For the reasons stated in the preamble, the Board of Directors of 
the Federal Deposit Insurance Corporation proposes to amend 12 CFR part 
326 and 12 CFR part 391 as set forth below:

PART 326--MINIMUM SECURITY DEVICES AND PROCEDURES AND BANK SECRECY 
ACT \1\ COMPLIANCE
---------------------------------------------------------------------------

    \1\ In its orginal form, subchapter II of chapter 53 of title 
31, U.S.C. was part of Public Law 92-508 which requires 
recordkeeping for and reporting of currency transactions by banks 
and others and is commonly known as the Bank Secrecy Act.

0
1. The authority citation for part 326 continues to read as follows:

    Authority:  12 U.S.C. 1813, 1815, 1817, 1818, 1819 (Tenth), 
1881-1883; 31 U.S.C. 5311-5314 and 5316-5332.2.
0
2. Revise subpart A to read as follows:

Subpart A--Minimum Security Procedures

Sec.
326.0 Authority, purpose, and scope.
326.1 Definitions.
326.2 Designation of security officer.
326.3 Security program.
326.4 Reports.


Sec.  326.0  Authority, purpose, and scope.

    (a) This part is issued by the Federal Deposit Insurance 
Corporation (``FDIC'') pursuant to section 3 of the Bank Protection Act 
of 1968 (12 U.S.C. 1882). It applies to FDIC-supervised insured 
depository institutions. It requires each institution to adopt 
appropriate security procedures to discourage robberies, burglaries, 
and larcenies and to assist in identifying and apprehending persons who 
commit such acts.
    (b) It is the responsibility of the institution's board of 
directors to comply with this part and ensure that a written security 
program for the institution's main office and branches is developed and 
implemented.


Sec.  326.1  Definitions.

    For the purposes of this part--
    (a) The term FDIC-supervised insured depository institution or 
institution means any insured depository institution for which the 
Federal Deposit Insurance Corporation is the appropriate Federal 
banking agency pursuant to section 3(q)(2) of the Federal Deposit 
Insurance Act, 12 U.S.C. 1813(q)(2).
    (b) The term banking office includes any branch of an institution 
and, in the case of an FDIC-supervised insured depository institution, 
it includes the main office of that institution.
    (c) The term branch for an institution chartered under the laws of 
any state of the United States includes any branch institution, branch 
office, branch agency, additional office, or any branch place of 
business located in any state or territory of the United States, 
District of Columbia, Puerto Rico, Guam, American Samoa, the Trust 
Territory of the Pacific Islands, the Northern Mariana Islands or the 
Virgin Islands at which deposits are received or checks paid or money 
lent. In the case of a foreign banks defined inSec.  347.202 of this 
chapter, the term branch has the meaning given in Sec.  347.202 of this 
chapter.
    (d) The term state savings association has the same meaning as in 
section (3)(b)(3) of the Federal Deposit Insurance Act, 12 U.S.C. 
1813(b)(3).


Sec.  326.2   Designation of security officer.

    Upon the issuance of Federal deposit insurance, the board of 
directors of each institution shall designate a security officer who 
shall have the authority, subject to the approval of the board of 
directors, to develop, within a reasonable time, but no later than 180 
days, and to administer a written security program for each banking 
office.


Sec.  326.3   Security program.

    (a) Contents of security program. The security program shall:
    (1) Establish procedures for opening and closing for business and 
for the safekeeping of all currency, negotiable securities, and similar 
valuables at all times;
    (2) Establish procedures that will assist in identifying persons 
committing crimes against the institution and that will preserve 
evidence that may aid in their identification and prosecution; such 
procedures may include, but are not limited to:
    (i) Retaining a record of any robbery, burglary, or larceny 
committed against the institution;
    (ii) Maintaining a camera that records activity in the banking 
office; and
    (iii) Using identification devices, such as prerecorded serial-
numbered bills, or chemical and electronic devices;
    (3) Provide for initial and periodic training of officers and 
employees in their responsibilities under the security program and in 
proper employee conduct during and after a robbery, burglar or larceny; 
and
    (4) Provide for selecting, testing, operating and maintaining 
appropriate security devices, as specified in paragraph (b) of this 
section.
    (b) Security devices. Each institution shall have, at a minimum, 
the following security devices:
    (1) A means of protecting cash or other liquid assets, such as a 
vault, safe, or other secure space;
    (2) A lighting system for illuminating, during the hours of 
darkness, the area around the vault, if the vault is visible from 
outside the banking office;
    (3) An alarm system or other appropriate device for promptly 
notifying the nearest responsible law enforcement officers of an 
attempted or perpetrated robbery or burglary;
    (4) Tamper-resistant locks on exterior doors and exterior windows 
that may be opened; and
    (5) Such other devices as the security officer determines to be 
appropriate, taking into consideration:
    (i) The incidence of crimes against financial institutions in the 
area;
    (ii) The amount of currency or other valuables exposed to robbery, 
burglary, and larceny;
    (iii) The distance of the banking office from the nearest 
responsible law enforcement officers;
    (iv) The cost of the security devices;
    (v) Other security measures in effect at the banking office; and
    (vi) The physical characteristics of the structure of the banking 
office and its surroundings.

[[Page 75757]]

Sec.  326.4   Reports.

    The security officer for each institution shall report at least 
annually to the institution's board of directors on the implementation, 
administration, and effectiveness of the security program.

PART 391--REGULATIONS TRANSFERRED FROM THE OFFICE OF THRIFT 
SUPERVISION

Subpart A--Security Procedures

0
3. The authority citation for part 391 is revised to read as follows:

    Authority:  12 U.S.C. 1819(Tenth).

Subpart A--[Removed and Reserved]

0
4. Remove and reserve subpart A consisting of Sec. Sec.  391.1 through 
391.5.

    Dated at Washington, DC, this 19th day of October, 2016.

    By order of the Board of Directors.

Federal Deposit Insurance Corporation.
Robert E. Feldman,
Executive Secretary.
[FR Doc. 2016-26062 Filed 10-31-16; 8:45 am]
 BILLING CODE 6714-01-P