Winston & Strawn LLP © 2007 CHICAGO GENEVA LONDON LOS ANGELES MOSCOW NEW YORK PARIS SAN FRANCISCO WASHINGTON, D.C. Institute of International Bankers Seminar on Regulatory Examination, Risk Management and Compliance Issues October 29-30, 2007 Regulatory Guidance on New Products and Complex Structured Finance Activities Paul S. Pilecki Winston & Strawn LLP Washington, DC

Winston & Strawn LLP © 2007 "New Products" Has a Broad Definition Product or service not previously offered Products and services offered to a new market Activities to be conducted for the first time in a new market Products and services offered to a new category of customers or counter parties Significant modifications to existing products, services, and activities Significant modifications to pricing

Winston & Strawn LLP © 2007 New Product Approval Process Requires Participation for All Relevant Parties Credit Risk Market Risk Operations Accounting Legal Compliance Senior Line Management Audit (Observer)

Winston & Strawn LLP © 2007 Other Issues for New Product Review Small changes that greatly alter the risk profiles justify review as a new product The compliance function determines whether a new or modified activity requires additional compliance processes, procedures or controls Requires interaction of business-line compliance staff with personnel responsible for enterprise-wide risk management

Winston & Strawn LLP © 2007 Governor Kroszner October 22 Speech Price Discovery -- Participants undertake due diligence before making buying and selling decisions New and innovative products -- Particularly strong demand for information that must be processed appropriately Breakdown in market for complex structured products Insufficient due diligence by buyers and sellers Investors realized the lack of transparency and the difficulty of pricing; unwilling to hold at any price

Winston & Strawn LLP © 2007 Interagency Statement on Sound Practices Concerning Elevated Risk Complex Structured Finance Transactions Issued January 11, 2007 by OCC, OTS, FDIC, FRB, and SEC Applies to banks, thrifts, branches and agencies, broker- dealers, and investment advisers Expectation to have effective risk management and internal control systems designed to identify elevated risk complex structured finance transactions ("CSFT") Evaluate, manage, and address risks Conduct activities in compliance with applicable law CSFT Statement does not pre-empt other supervisory guidance on risk management and controls

Winston & Strawn LLP © 2007 What a CSFT Is Not Standard public mortgage-backed securities transactions Public securitizations of retail credit cards Asset-backed commercial paper conduit transactions Hedging-type transactions involving "plain vanilla" derivatives and CLOs Other transactions with well established track records and that are familiar to financial market participants

Winston & Strawn LLP © 2007 Characteristics of an Elevated Risk CSFT Lacks economic substance or business purpose Designed or used primarily for questionable accounting, regulatory, or tax objectives (beware of reporting period ends) Concerns that public disclosures will be misleading or inconsistent with the substance of the transaction or applicable regulatory or accounting requirements Involves circular transfers of risk Involves oral or undocumented agreements that have a material impact Material economic terms that are inconsistent with market norms Compensation to bank is substantially disproportionate to services provided

Winston & Strawn LLP © 2007 What to Do When a CSFT Appears When involved in structuring, marketing, advising, or otherwise serving a substantial role, expectation kicks in to have Greater level of information concerning the customer's business purpose Knowledge of any special accounting, tax, or financial disclosure issues Procedures to be applied Due diligence commensurate with level of risks identified Review and approval by appropriate levels of control and management personnel with relevant expertise and stature Mitigate any significant legal or reputational risks Documentation sufficiently to ensure enforceability, proper disclosures have been given, internal procedures have been followed, and audit trails exist

Winston & Strawn LLP © 2007 Risk Management Principles for CSFTs General business ethics Monitoring compliance with internal policies and procedures Specialized training for oversight and review personnel Audit validation of adherence to control procedures Appropriate management reporting

Winston & Strawn LLP © 2007 Establish an Approval Process for CSFTs Policies and procedures should establish a clear framework for review and approval of individual CSFTs Incorporate the review of new CSFTs into new product policies by defining what is a "new" structure and establish a control process for approval Factors that are indicative of "new" Does the structure or pricing vary from existing products? Is the product targeted at a new class of customers? Is it designed to address a new need of customers? Does it raise significant new legal, compliance, or regulatory issues? Will the manner of offering deviate from standard market practices?

Winston & Strawn LLP © 2007 CSFT Considerations for Branches and Agencies Expected to be applicable only to "large" institutions Management review and approval of policies should be coordinated with worldwide policies developed under the rules of the home country supervisor Policies should be consistent with the foreign bank's overall corporate and management structure, risk management framework, and internal control environment