Financial Institutions Beware: FDIC Requests “Prompt” Notice of Crypto-Related Activities
Client Alert | 5 min read | 04.20.22
On April 7, 2022, the Federal Deposit Insurance Corporation (“FDIC”) issued a Financial Institution Letter (FIL-16-2022) (the “FIL”) requesting all FDIC-supervised institutions[1] (“Covered Institutions”) that intend to engage in or are currently engaged in activities related to or involving crypto assets to promptly notify the FDIC and any related state regulator. The FDIC identifies key areas of risk and concern, such as safety and soundness, financial stability, and consumer protection, and directs Covered Institutions to either: (1) provide notification to the FDIC prior to engaging in crypto-related activities; or (2) if currently engaging in such activities, to “promptly” notify the FDIC.
The new reporting request comes roughly a month after President Biden’s Executive Order on Ensuring Responsible Development of Digital Assets, which identified the FDIC as an independent regulatory agency that may participate in the interagency coordination process outlined in that Executive Order.[2] We summarize the FIL and provide key takeaways below.
Crypto-Related Activities and Associated Risks
The FIL defines “crypto asset” as any “digital asset implemented using cryptographic techniques.”[3] It then broadly defines “crypto-related activities,” for the purposes of the FIL as: (1) acting a crypto-asset custodian; (2) maintaining stablecoin reserves; (3) issuing crypto and other digital assets; (4) acting as market makers or exchange or redemption agents; (5) participating in blockchain- and distributed ledger-based settlement or payment systems, including performing node functions; and (6) related activities such as finder activities and lending.
The FIL goes on to state that crypto-related activities may pose safety and soundness, financial stability, and consumer protection concerns, such as:
Safety and Soundness:
- Whether it is possible for ownership to be clearly validated and confirmed;
- Crypto assets being used for illicit activities;
- Anti-money laundering/countering the financing of terrorism implications;
- IT risk exposure and whether sufficient risk-based frameworks are available to maintain the confidentiality, integrity, and availability of information systems;
- Whether it is possible to measure the degree of asset quality, credit risk, and counterparty risk exposure;
- Whether it is possible to determine whether an asset is bankable;
- Whether it is possible for insured depository institutions to manage risks and exposures;
- Market risk due to uncertainty around pricing and valuation methods;
- Evolving accounting, auditing, and financial reporting treatment of crypto assets and crypto-related activities; and
- Liquidity risk exposure for volatile crypto assets.
Financial Stability:
- A disruption in crypto-asset transactions or crypto-related activities that could result in a “run” on financial assets backing a crypto asset or crypto-related activity; and
- Operational failures related to crypto assets or crypto-related activities that could have a destabilizing effect on the insured depository institutions engaging in crypto-related activities.
Consumer Protection:
- Consumer confusion regarding crypto assets offered by, through, or in connection with insured depository institutions, where consumers may not understand the role of the bank or the speculative nature of certain crypto assets as compared to traditional banking products; and
- An institution’s effective management of the application of consumer protection requirements, including laws related to unfair or deceptive acts or practices, to new and changing crypto-related activities.
FIL Reporting Requirements
As we noted, the FIL directs Covered Institutions to either (1) provide notification to the FDIC prior to engaging in crypto-related activities, or (2) if already engaging in such activities, to promptly provide notification to the FDIC. The initial notification should include a description of current or potential crypto-related activities and the proposed timeline for engaging in these activities so the FDIC may assess the safety and soundness, consumer protection, and financial stability implications of proposed or ongoing activities. The FDIC will review the notification from the Covered Institution, request additional information as needed, “consider the safety and soundness, financial stability, and consumer protection considerations of the proposed activity,” and “provide relevant supervisory feedback to the FDIC-supervised institution, as appropriate, in a timely manner.”
Key Takeaways
Submissions
The FDIC’s request for information about potential or ongoing crypto-related activities, including engagement timelines, without a deadline, represents additional regulatory scrutiny of digital assets by those operating in the banking sector. Covered Institutions’ submissions will vary widely and they may require information from multiple internal stakeholders, including and especially with regard to the cybersecurity and stability of crypto assets, all of which may complicate the FDIC’s review process and lead to numerous follow-up requests from the FDIC.
FDIC Review
It remains to be seen if the FIL is simply an information-gathering effort, as the FIL portends an FDIC risk evaluation or engagement process that may dissuade Covered Institutions from future engagement or expanded activity with crypto assets. At a minimum, it may slow Covered Institutions’ adoption of crypto-related activities if they choose to wait for feedback from the FDIC before proceeding with any digital asset-related activities, or if the regulatory engagement process becomes too time-consuming. Such an outcome may be more likely in view of the FIL’s reminder that Covered Institutions are expected to be able to demonstrate their ability to conduct crypto-related activities in a safe and sound manner without further guidance on what may be considered safe or sound for crypto-related activities.
Similarities to OCC Oversight
In some respects, the FIL is similar to the Office of the Comptroller of the Currency’s (“OCC’s”) Interpretive Letter 1179,[4]which notes that national banks and federal savings associations should notify the OCC about proposed cryptocurrency activities and “should receive written notification of the supervisory non-objection.”[5] In Interpretive Letter 1179, the OCC said that to obtain supervisory non-objection, the “bank should demonstrate that it has established an appropriate risk management and measurement process for the proposed activities, including having adequate systems in place to identify, measure, monitor, and control the risks of its activities, including the ability to do so on an ongoing basis,” and identifies risks similar to those identified in the FDIC’s FIL. While the OCC’s Interpretive Letter 1179 provided regulatory clarity on national banks engaging in certain crypto-related activities, the FIL is conspicuously silent on whether it views crypto-related activities by Covered Institutions as permissible.
FDIC Next Steps
The FIL does not provide any specific reporting date or timeline, nor does it identify any timing for FDIC engagement or discussion in response to reported information. The lack of regulatory clarity as to what crypto-related activities, if any, are permitted (or prohibited) for Covered Institutions to engage in could limit further bank growth in the crypto-assets sector.
[1] FDIC-supervised institutions include any insured depository institution for which the Federal Deposit Insurance Corporation is the appropriate Federal banking agency pursuant, specifically including any State nonmember insured bank; any foreign bank having an insured branch; and any State savings association. 12 C.F.R. § 339.2; 12 U.S.C. § 1813(q).
[2] Executive Order on Ensuring Responsible Development of Digital Assets, § 2 (Mar. 9, 2022).
[3] FIL at n.2.
[4] OCC, Interpretive Letter #1179, Chief Counsel’s Interpretation Clarifying: (1) Authority of a Bank to Engage in Certain Cryptocurrency Activities; and (2) Authority of the OCC to Charter a National Trust Bank (Nov. 18, 2021).
[5] Id. at § 1. The OCC said that OCC-regulated banks engaged in cryptocurrency, distributed ledger, or stablecoin activities as of the date of Interpretive Letter 1179 do not need to obtain supervisory non-objection, but are expected to have provided notice to its prudential regulator, to be examined on these issues, and banks “should have systems and controls in place consistent with those described in this letter to ensure that all activities are conducted in a safe and sound manner and consistent with all applicable law.” Id. at n.3.
Contacts
Insights
Client Alert | 4 min read | 12.19.24
As we discussed in our recent client alert, the U.S. District Court for the Eastern District of Texas issued an opinion and order on December 3, 2024, ("the Order") enjoining the federal government from enforcing the CTA and a rule implementing it. The rule requires certain entities formed or registered to do business in the U.S. ("reporting companies") to report information about themselves and their beneficial owners to the Financial Crimes Enforcement Network ("FinCEN"), a bureau of the U.S. Department of the Treasury.
Client Alert | 4 min read | 12.19.24
Key Changes to the State Attorneys General – 2024 to 2025 Transition
Client Alert | 4 min read | 12.19.24
New EU Directive Impacting Digital Platforms and Individuals Working for Them
Client Alert | 3 min read | 12.13.24