Federal Reserve completes crypto-asset policy sprint

With the release of these supervisory letters, the Federal Reserve Board (the FRB) has now addressed each of the five issues that it said it would address in the November 2021 statement on the federal banking agencies’ crypto-asset policy sprint. Those issues are: (1) crypto-asset safekeeping and custody; (2) facilitation of customer crypto transactions; (3) crypto-collateralized lending; (4) the issuance and distribution of stablecoins; and (5) activities involving the holding of crypto-assets on balance sheet. The supervisory letter regarding the novel activities supervision program speaks to the first three issues; the FRB’s stablecoin letter speaks to the fourth issue; and the FRB and other agencies have said on multiple occasions that issuing or holding as principal crypto-assets that are issued, stored, or transferred on an open, public and/or decentralized network, or similar system is highly likely to be inconsistent with safe and sound banking practices. 

Novel Activities Supervision Program

Background

In the face of “[f]inancial innovation supported by new technologies … [that] may create unique questions around their permissibility, may not be sufficiently addressed by existing supervisory approaches, and may raise concerns for the broader financial system,” the FRB announced the establishment of the Novel Activities Supervision Program (Program) in Supervision and Regulation Letter SR 23-7. The FRB describes the Program as a “risk-focused” supervisory effort intended to “complement existing supervisory processes, strengthening the oversight of novel activities” and “ensure that the risks associated with innovation are appropriately addressed.” The Program applies to all banking organizations the FRB supervises.

The FRB highlights four activities on which the Program will focus.

1. Complex, technology-driven partnerships with non-banks to provide banking services, such as non-banks providing customers access to banking products and services through “technologies like application programming interfaces (APIs) that provide automated access to the bank’s infrastructure.”
2. Crypto-asset-related activities, such as “crypto-asset custody, crypto-collateralized lending, facilitating crypto-asset trading, and engaging in stablecoin/dollar token issuance or distribution.” The FRB also pointed to its previous joint statements with the Federal Deposit Insurance Corporation (the FDIC) and the Office of the Comptroller of the Currency (the OCC) on crypto-asset risks to banks and liquidity risks to banks resulting from crypto-asset market vulnerabilities.
3. Projects that use distributed ledger technology (DLT) with the potential for significant impact on the financial system, including exploring or using DLT (which may include blockchain technology) for activities like issuing stablecoins and tokenization of securities or other assets.
4. Concentrated provision of banking services to crypto-asset-related entities and fintechs, meaning banks “concentrated in providing traditional banking activities such as deposits, payments, and lending to crypto-asset-related entities and fintechs.”

Supervisory impact

The FRB emphasizes in the supervisory letter that the Program will not supplant a bank’s existing supervisory team nor entail a bank moving to a separate supervisory portfolio. Instead, the Program will work in partnership with banks’ existing supervisory portfolios and teams, “leverag[ing] current supervisory processes to the extent possible to maximize efficiency and minimize burden.” Although the Program applies to all banking organizations it supervises, the FRB stresses that the Program will be “risk-based,” with a “level and intensity of supervision” corresponding to a bank’s “level of engagement in novel activities.”

The FRB intends for the Program to “help ensure that regulation and supervision allows for innovations that improve access to and the delivery of financial services, while also safeguarding bank customers, banking organizations, and financial stability.” The Program will thus “operate in keeping with the principle that banking organizations are neither prohibited nor discouraged from providing banking services to customers of any specific class or type, as permitted by law or regulation.” As part of the Program, the FRB promises that it will “stay abreast” of the latest issues, technologies, and products, “incorporate insights and analysis” from a variety of sources, and “continue to build upon and enhance its technical expertise.” The FRB expects that its experience administering the Program will “inform the development of supervisory approaches and guidance for banking organizations engaging in novel activities.” No information was given in the letter about who would be staffed on the Program and how it would be organized.

Banks subject to examination through the Program can expect written notice from the FRB. The FRB plans to “routinely monitor” banks exploring novel activities while “periodically evaluat[ing] and updat[ing]” which banks should be subject to examination by the Program.

State member bank guidance for stablecoin activities

Background

The FRB made clear in a policy statement issued on January 27, 2023 (the Policy Statement) that it would impose the same conditions on permissibility of the principal activities of state member banks as the OCC would for national banks. As the FRB notes, “[t]his principle of equal treatment helps to level the competitive playing field among banks with different charters and different federal supervisors and to mitigate the risks of regulatory arbitrage.” For example, if a national bank would have to demonstrate that it had sufficient controls in place to conduct an activity in a safe and sound manner and receive written nonobjection from OCC staff as conditions of legal permissibility, then the FRB would require a state member bank seeking to engage in the same activity to go through the same process with FRB staff.

In keeping with the principles articulated in the Policy Statement, the FRB released Supervision and Regulation Letter SR 23-8 / Consumer and Community Affairs Letter CA 23-5, which lays out the FRB’s process for state member banks to obtain supervisory nonobjection to engage in the stablecoin activities permissible for national banks under OCC Interpretive Letter 1174. The FRB refers to stablecoin activities as “dollar token” activities, but says the terms are synonymous. At the same time, the letter states that dollar tokens may include any bank liabilities, including deposits.

Nonobjection process for stablecoin activities

A state member bank must obtain written notification of supervisory nonobjection from the FRB in order to engage in activities permissible for national banks under OCC Interpretive Letter 1174, which includes issuing, holding, or transacting in stablecoins/dollar tokens to facilitate payments including for the purpose of testing. Other notice or approval requirements may also apply, such as approval under section 208.3 of Regulation H if the proposed activities represent a change in the general character of the bank’s business.

A state member bank seeking supervisory nonobjection must provide notice of its intent to engage in stablecoin/dollar token activities, as well as a description of those activities, to its lead supervisory point of contact at the FRB.[1] Staff may request additional information on the proposal and the control framework that the state member bank has proposed.

To obtain supervisory nonobjection, a state member bank must demonstrate that it “has controls in place to conduct the activity in a safe and sound manner,” i.e., “appropriate risk management practices for the proposed activities, including having adequate systems in place to identify, measure, monitor, and control the risks of its activities, and the ability to do so on an ongoing basis.” Federal Reserve staff will “assess whether the bank has demonstrated that it understands and will comply with laws that apply to the proposed activities.” In addition, Federal Reserve staff will focus on the risks discussed in the preamble to the Policy Statement, including:

• Operational risks, including those risks associated with the governance and oversight of the network; clarity of the roles, responsibilities, and liabilities of parties involved; and the transaction validation process (e.g., timing and finality of settlement of transactions, potential irreversibility of transactions, and the central authority of transaction records);
• Cybersecurity risks, including risks associated with the network on which the dollar token is transacted, the use of smart contracts, and any use of open source code;
• Liquidity risks, including the risk that the dollar token could experience substantial redemptions in a short period of time that would trigger rapid outflows of deposits;
• Illicit finance risks, including risks relating to compliance with Bank Secrecy Act and Office of Foreign Asset Control requirements, which include requiring banking organizations to verify the identity of a customer, perform due diligence to understand the nature and purpose of the customer relationship, and perform ongoing monitoring to identify and report suspicious activity; and
• Consumer compliance risks, including risks related to identifying and ensuring compliance with any consumer protection statutes and regulations that apply to the specific dollar token activity.

State member banks already engaged in stablecoin/dollar token activities as principal should notify their lead supervisory points of contact at the Federal Reserve by September 7, 2023. State member banks may continue to engage in preexisting activities while the Federal Reserve decides whether to grant a supervisory nonobjection for those activities or any planned expansion of such activities.

In addition to addressing the concerns set out in the most recent guidance, a banking organization seeking to engage in any crypto-asset-related activities should keep in mind the principle of “gates and guardrails,” which the federal banking agencies noted in the January 2023 joint statement. This principle suggests that crypto-asset-related activities should start with limited scale and scope, to provide time for validating compliance and risk management, and then could expand after an initial period if risk management processes and controls are shown to be effective.

In some ways, SR 23-8 can be seen as a placeholder unless and until stablecoin legislation is passed. Our client update describing the current leading bill can be found here. It remains to be seen if and when similar guidance will be issued for other crypto-asset-related activities, such as crypto-asset custody and facilitating crypto-asset trading. The FRB signaled, however, that banks should not expect similar guidance for engaging with crypto-assets as principal. In a footnote, the agency reiterates its belief that “issuing or holding as principal crypto-assets (referring generally to any digital asset implemented using cryptographic techniques) that are issued, stored, or transferred on an open, public, and/or decentralized network, or similar system is highly likely to be inconsistent with safe and sound banking practices.”