The Federal Reserve is taking measured steps to better understand the types of cryptoasset-related activities contemplated by its supervised banking organizations.
On August 16, 2022, the Board of Governors of the Federal Reserve System (FRB) issued a Supervision and Regulation Letter outlining its expectations for FRB-supervised banking organizations engaged in cryptoasset-related activities (SR Letter 22-6). This follows the publication of a financial institution letter issued by the Federal Deposit Insurance Corporation (FDIC) in April 2022 (the FDIC Letter) and an interpretive letter issued by the Office of the Comptroller of the Currency (OCC) in November 2021 (the OCC Letter), both of which similarly address supervisory expectations in connection with cryptoasset-related activities engaged in by FDIC-supervised institutions and OCC-chartered banks (i.e., national banks and federal savings associations), respectively.
While SR Letter 22-6 does not mention President Biden’s March 2022 Executive Order on Ensuring Responsible Development of Digital Assets, it does seemingly address the Order’s broad mandate that federal financial regulators “consider the extent to which investor and market protection measures within their respective jurisdictions may be used to address the risks of digital assets and whether additional measures may be needed.”
According to SR Letter 22-6, the emerging cryptoasset sector presents potential opportunities to banking organizations, their customers, and the overall financial system. However, the FRB notes five areas in which cryptoassets pose distinct risks:
- Technology and operations risks related to cybersecurity and governance of the underlying network and any related arrangements, especially in open, permissionless networks
- Anti-money laundering (AML) and countering the financing of terrorism (CFT) risks, especially when transaction provenance and asset ownership is opaque
- Consumer protection risks such as those related to price volatility, misinformation, fraud, and theft or loss of assets
- Legal compliance risks such as uncertainty regarding the legal status of many cryptoassets; potential legal exposure arising from consumer losses, operational failures, and relationships with cryptoasset service providers; and limited legal precedent regarding how cryptoassets would be treated in varying contexts such as bankruptcy
- Financial stability risks, such as through destabilizing runs on assets (e.g., stablecoins) and disruptions in the wider payment systems
In light of these risks, FRB-supervised banking organizations are advised to:
- notify their lead supervisory point of contact at the FRB prior to engaging in cryptoasset-related activities;
- assess whether such cryptoasset-related activities are legally permissible under relevant state and federal laws;
- determine whether regulatory filings are required under the applicable federal banking laws; and
- have adequate systems, risk management, and controls in place to address the relevant cryptoasset-related risks and to conduct such cryptoasset-related activities in a safe and sound manner and in a way that is consistent with all applicable laws.
SR Letter 22-6 applies to all banking organizations supervised by the FRB, including those with $10 billion or less in consolidated assets. Such banking organizations include bank holding companies, state member banks, savings and loan holding companies, foreign banks operating in the United States, and other entities.
As noted above, the FDIC Letter and the OCC Letter also address supervisory expectations for FDIC-supervised institutions and OCC-chartered banks, respectively, that are seeking to engage in crypto-asset-related activities. Consistent with SR Letter 22-6, those letters instruct such FDIC-supervised institutions and OCC-chartered banks, as the case may be, to have adequate risk management and controls in place with respect to any crypto-asset-related activities, and, importantly, to provide the relevant regulators with advance notice of any offering of crypto-asset-related services (e.g., offering digital asset custody, holding stablecoin reserves, facilitating blockchain payments, conducting node services, etc.) prior to the offering of any such services.
FRB Issues Non-Traditional Account Access Guidelines
SR Letter 22-6 comes just a day after the FRB announced final guidelines (the Guidelines) establishing a “transparent, risk-based, and consistent set of factors for Reserve Banks to use in reviewing requests to access Federal Reserve accounts and payment services.” Entities offering new types of financial products or with novel charters (such as fintechs, digital payment services, and cryptoasset platforms) have increasingly requested access to the FRB’s “master accounts” and payment services to obviate the need to use intermediary banks. The Guidelines are intended to be used by the 12 regional Reserve Banks to evaluate those requests with a transparent and consistent set of factors, such as a three-tiered review framework describing the applicable levels of due diligence and scrutiny. FDIC-insured institutions would receive the most streamlined level of scrutiny, whereas eligible institutions that are not federally insured and not subject to prudential supervision by a federal banking agency would be subject to the strictest level of scrutiny.
All seven members of the Federal Reserve Board voted to approve the Guidelines, which became effective as of their publication in the Federal Register on August 19, 2022. In a public statement, FRB Governor Michelle W. Bowman noted that the Guidelines “are only the first step in providing a transparent process,” and cautioned market participants against “the expectation that reviews will now be completed on an accelerated timeline.”
In a separate speech on August 17, 2022, Governor Bowman discussed technology and innovation in financial services. She noted that the FRB is working to encourage and support responsible innovation by clearly articulating supervisory expectations for banks on a variety of digital asset-related activities, including:
- custody of cryptoassets
- facilitation of customer purchases and sales of cryptoassets
- loans collateralized by cryptoassets, and
- issuance and distribution of stablecoins by banking organizations.
In the meantime, the FRB stated in SR Letter 22-6 that given the “heightened and novel risks posed by crypto-assets,” it will continue to closely monitor banking organizations’ participation in cryptoasset-related activities.
Thus, any FRB-supervised banking organization that is contemplating a foray into the cryptoasset space should comply with SR Letter 22-6, and those already engaged in cryptoasset-related activities should “notify the FRB promptly regarding the engagement in such activities, if it has not already done so.” FRB-supervised banking organizations can in turn expect that FRB supervisory staff will provide timely feedback, as appropriate.
The FRB also encourages state member banks to notify their state regulator prior to engaging in any cryptoasset-related activity for the same reasons as outlined in SR Letter 22-6.