Earlier this month, the Federal Reserve Board (FRB) released two supervision and regulation letters regarding the agency’s program to supervise “novel” banking activities.
The release of these letters follows a January policy statement indicating the FRB’s interest in leveling the playing field in terms of subjecting uninsured and insured banks to the same limitations on activities, including novel banking activities. The policy statement also reiterates to state member banks that legal permissibility is a necessary, but not sufficient condition to establish that a state member bank may engage in a particular activity. Earlier this year, the FRB, along with the OCC and FDIC, issued a joint statement regarding crypto assets, indicating that the agencies were assessing how crypto-related activities by banking organizations could be conducted in a manner that adequately addressed safety and soundness, consumer protection, legal permissibility, etc.
The FRB defines “novel” as “complex, technology-driven partnerships with non-banks to provide banking services to customers; and activities that involve crypto-assets and distributed ledger or ‘blockchain’ technology.” The term includes fintech partnerships to the extent they involve technologies such as application programming interfaces that provide automated access to the bank’s infrastructure.
The first of the two supervision and regulation letters (SR 23-7) establishes a Novel Activities Supervision Program (the “Program”) that will focus on novel activities related to crypto, distributed ledger technology, and complex, technology-driven partnerships with nonbanks. The Program will complement the existing supervisory framework and will be risk-based (i.e., this will not be a separate supervision program). The FRB will notify those entities subject to the Program; the FRB will also continue to monitor for supervised banking organizations exploring novel activities. Leaders within the FRB as well as external experts will advise the new supervisory program.
In part, the Program will “inform the development of supervisory approaches and guidance for banking organizations engaging in novel activities” as well as help “ensure that regulation and supervision allow for innovations that improve access to and the delivery of financial services, while also safeguarding bank customers, banking organization, and financial stability.”
The second of the two supervision and regulation letters (SR 23-8) sets forth the supervisory non-objection process for state member banks seeking to engage in activities involving tokens denominated in national currencies and issued using distributed ledger technology or similar technologies to facilitate payments. A state member bank seeking to engage in activities permitted under the OCC Interpretive Letter 1174 (which includes issuing, holding, or transacting in dollar tokens to facilitate payments) is required to demonstrate to the FRB that the bank has controls in place to conduct the activity in a safe and sound manner. This includes demonstrating adequate systems to identify, measure, monitor, and control the risks of activities.
The FRB will focus on the following risks:
- operational risks: including risks associated with governance and oversight of the network; clarity of the roles, responsibilities, and liabilities of parties involved; and the transaction validation process;
- cybersecurity risks: including risks associated with the network on which the dollar token is transacted, the use of smart contracts, and any open source code;
- liquidity risks: including the risk that the dollar token could experience substantial redemptions in a short period of time that would trigger rapid outflows of deposits;
- illicit finance risks: including risks related to compliance with the Bank Secrecy Act and the Office of Foreign Asset Control requirements; and
- consumer compliance risks: risks related to identifying and ensuring compliance with any consumer protection statutes and regulations.
Banks that engage in issuing, holding, or transacting in tokens to facilitate payments will receive a written notification of supervisory nonobjection from the FRB. Banks with nonobjection letters are still subject to supervisory and “heightened” on-going monitoring of these activities.
Although these supervisory letters directly apply only to Federal Reserve member banks, the FDIC and the OCC may, formally or informally, apply similar standards and requirements. It would be wise for non-member state banks and national banks to review the FRB supervision and regulation letters.